Landlock Sandboxing Now Supports More Controls Around Unix Sockets
([Linux Security] 5 Hours Ago
Landlock + Unix Sockets)
- News link: https://www.phoronix.com/news/Landlock-Scoping-Unix-Sockets
[1]Landlock, the Linux security module for unprivileged access control, is gaining new controls around Unix socket handling with the Linux 6.12 kernel.
Landlock for Linux 6.12 delivers signal and abstract Unix socket scoping controls for the Landlock LSM. The work came out of the Outreachy internship program and allows for better Linux process isolation.
Tahera Fahimi, the Outreachy intern who worked on this Landlock improvement, explained in the prior [2]patch series for the abstract Unix socket scoping support:
"Abstract unix sockets are used for local inter-process communications independent of the filesystem. Currently, a sandboxed process can connect to a socket outside of the sandboxed environment, since Landlock has no restriction for connecting to an abstract socket address. Access to such sockets for a sandboxed process should be scoped the same way ptrace is limited.
...
To solve this issue, we extend the user space interface by adding a new "scoped" field to the Landlock ruleset attribute structure. This field can contain different rights to restrict different functionalities. For abstract unix sockets, we introduce the "LANDLOCK_SCOPED_ABSTRACT_UNIX_SOCKET" field to specify that a ruleset will deny any connection from within the sandbox domain to its parent (i.e. any parent sandbox or non-sandbox processes)."
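As an added example (not code from the article or from the patch series), the following C program builds a ruleset whose only handled right is the new "scoped" flag and applies it to itself through raw syscalls, so that it compiles even with pre-6.12 kernel headers. The struct layout mirrors the kernel's landlock_ruleset_attr as of Landlock ABI 6, the flag value and syscall numbers follow the uapi headers, and the helper names (`landlock_abi_version`, `scoped_flags_for_abi`, `restrict_abstract_unix_sockets`) are this example's own.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef __NR_landlock_create_ruleset
#define __NR_landlock_create_ruleset 444 /* asm-generic syscall numbers */
#define __NR_landlock_restrict_self 446
#endif
#define LL_CREATE_RULESET_VERSION (1U << 0)
#define LL_SCOPED_ABSTRACT_UNIX_SOCKET (1ULL << 0) /* uapi/linux/landlock.h value */

/* Mirrors struct landlock_ruleset_attr as of ABI 6; "scoped" is the new field. */
struct ll_ruleset_attr {
    uint64_t handled_access_fs;
    uint64_t handled_access_net;
    uint64_t scoped;
};

/* Returns the Landlock ABI version, or -1 if Landlock is unavailable/disabled. */
int landlock_abi_version(void) {
    long v = syscall(__NR_landlock_create_ruleset, NULL, 0, LL_CREATE_RULESET_VERSION);
    return v < 0 ? -1 : (int)v;
}

/* Scoping needs ABI 6 (Linux 6.12). Passing a non-zero "scoped" to an older kernel
 * fails with E2BIG (non-zero trailing bytes), so the caller must probe first. */
uint64_t scoped_flags_for_abi(int abi) {
    return abi >= 6 ? LL_SCOPED_ABSTRACT_UNIX_SOCKET : 0;
}

/* Deny abstract Unix socket connections from this process (and its children) to
 * the parent domain. Returns 0 on success, 1 if the kernel cannot enforce the
 * scope (caller decides whether that is acceptable), or -errno on failure. */
int restrict_abstract_unix_sockets(void) {
    struct ll_ruleset_attr attr = { .scoped = scoped_flags_for_abi(landlock_abi_version()) };
    if (attr.scoped == 0) return 1;
    int fd = (int)syscall(__NR_landlock_create_ruleset, &attr, sizeof(attr), 0);
    if (fd < 0) return -errno;
    /* landlock_restrict_self() requires no_new_privs (or CAP_SYS_ADMIN). */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0 ||
        syscall(__NR_landlock_restrict_self, fd, 0) != 0) {
        int e = errno; close(fd); return -e;
    }
    close(fd);
    return 0;
}

int main(void) {
    int rc = restrict_abstract_unix_sockets();
    if (rc == 0) puts("abstract Unix socket connections to the parent domain are now denied");
    else if (rc == 1) puts("Landlock scoping unavailable here (needs ABI 6 / Linux 6.12)");
    else fprintf(stderr, "landlock failed: %s\n", strerror(-rc));
    return rc < 0;
}
```

After a successful return, connect() on an abstract socket owned by a process outside the sandbox fails with EPERM, while sockets created inside the same domain keep working.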
This Unix socket scoping support makes up all of the [3]Landlock patches that have been submitted for the Linux 6.12 kernel.
Those unfamiliar with the Landlock Linux security module can learn more about it in general at [4]landlock.io.
[1] https://www.phoronix.com/search/Landlock
[2] https://lore.kernel.org/netdev/20240726.Nohde4vooy3A@digikod.net/T/
[3] https://lore.kernel.org/lkml/20240923184251.153123-1-mic@digikod.net/
[4] https://landlock.io/