22
22
#include <unistd.h>
23
23
24
24
#ifndef landlock_create_ruleset
25
- static inline int landlock_create_ruleset (
26
- const struct landlock_ruleset_attr * const attr ,
27
- const size_t size , const __u32 flags )
25
+ static inline int
26
+ landlock_create_ruleset ( const struct landlock_ruleset_attr * const attr ,
27
+ const size_t size , const __u32 flags )
28
28
{
29
29
return syscall (__NR_landlock_create_ruleset , attr , size , flags );
30
30
}
31
31
#endif
32
32
33
33
#ifndef landlock_add_rule
34
34
static inline int landlock_add_rule (const int ruleset_fd ,
35
- const enum landlock_rule_type rule_type ,
36
- const void * const rule_attr , const __u32 flags )
35
+ const enum landlock_rule_type rule_type ,
36
+ const void * const rule_attr ,
37
+ const __u32 flags )
37
38
{
38
- return syscall (__NR_landlock_add_rule , ruleset_fd , rule_type ,
39
- rule_attr , flags );
39
+ return syscall (__NR_landlock_add_rule , ruleset_fd , rule_type , rule_attr ,
40
+ flags );
40
41
}
41
42
#endif
42
43
43
44
#ifndef landlock_restrict_self
44
45
static inline int landlock_restrict_self (const int ruleset_fd ,
45
- const __u32 flags )
46
+ const __u32 flags )
46
47
{
47
48
return syscall (__NR_landlock_restrict_self , ruleset_fd , flags );
48
49
}
@@ -79,9 +80,8 @@ static int parse_path(char *env_path, const char ***const path_list)
79
80
80
81
/* clang-format on */
81
82
82
- static int populate_ruleset (
83
- const char * const env_var , const int ruleset_fd ,
84
- const __u64 allowed_access )
83
+ static int populate_ruleset (const char * const env_var , const int ruleset_fd ,
84
+ const __u64 allowed_access )
85
85
{
86
86
int num_paths , i , ret = 1 ;
87
87
char * env_path_name ;
@@ -111,12 +111,10 @@ static int populate_ruleset(
111
111
for (i = 0 ; i < num_paths ; i ++ ) {
112
112
struct stat statbuf ;
113
113
114
- path_beneath .parent_fd = open (path_list [i ], O_PATH |
115
- O_CLOEXEC );
114
+ path_beneath .parent_fd = open (path_list [i ], O_PATH | O_CLOEXEC );
116
115
if (path_beneath .parent_fd < 0 ) {
117
116
fprintf (stderr , "Failed to open \"%s\": %s\n" ,
118
- path_list [i ],
119
- strerror (errno ));
117
+ path_list [i ], strerror (errno ));
120
118
goto out_free_name ;
121
119
}
122
120
if (fstat (path_beneath .parent_fd , & statbuf )) {
@@ -127,9 +125,10 @@ static int populate_ruleset(
127
125
if (!S_ISDIR (statbuf .st_mode ))
128
126
path_beneath .allowed_access &= ACCESS_FILE ;
129
127
if (landlock_add_rule (ruleset_fd , LANDLOCK_RULE_PATH_BENEATH ,
130
- & path_beneath , 0 )) {
131
- fprintf (stderr , "Failed to update the ruleset with \"%s\": %s\n" ,
132
- path_list [i ], strerror (errno ));
128
+ & path_beneath , 0 )) {
129
+ fprintf (stderr ,
130
+ "Failed to update the ruleset with \"%s\": %s\n" ,
131
+ path_list [i ], strerror (errno ));
133
132
close (path_beneath .parent_fd );
134
133
goto out_free_name ;
135
134
}
@@ -171,55 +170,64 @@ int main(const int argc, char *const argv[], char *const *const envp)
171
170
int ruleset_fd ;
172
171
struct landlock_ruleset_attr ruleset_attr = {
173
172
.handled_access_fs = ACCESS_FS_ROUGHLY_READ |
174
- ACCESS_FS_ROUGHLY_WRITE ,
173
+ ACCESS_FS_ROUGHLY_WRITE ,
175
174
};
176
175
177
176
if (argc < 2 ) {
178
- fprintf (stderr , "usage: %s=\"...\" %s=\"...\" %s <cmd> [args]...\n\n" ,
179
- ENV_FS_RO_NAME , ENV_FS_RW_NAME , argv [0 ]);
180
- fprintf (stderr , "Launch a command in a restricted environment.\n\n" );
177
+ fprintf (stderr ,
178
+ "usage: %s=\"...\" %s=\"...\" %s <cmd> [args]...\n\n" ,
179
+ ENV_FS_RO_NAME , ENV_FS_RW_NAME , argv [0 ]);
180
+ fprintf (stderr ,
181
+ "Launch a command in a restricted environment.\n\n" );
181
182
fprintf (stderr , "Environment variables containing paths, "
182
183
"each separated by a colon:\n" );
183
- fprintf (stderr , "* %s: list of paths allowed to be used in a read-only way.\n" ,
184
- ENV_FS_RO_NAME );
185
- fprintf (stderr , "* %s: list of paths allowed to be used in a read-write way.\n" ,
186
- ENV_FS_RW_NAME );
187
- fprintf (stderr , "\nexample:\n"
188
- "%s=\"/bin:/lib:/usr:/proc:/etc:/dev/urandom\" "
189
- "%s=\"/dev/null:/dev/full:/dev/zero:/dev/pts:/tmp\" "
190
- "%s bash -i\n" ,
191
- ENV_FS_RO_NAME , ENV_FS_RW_NAME , argv [0 ]);
184
+ fprintf (stderr ,
185
+ "* %s: list of paths allowed to be used in a read-only way.\n" ,
186
+ ENV_FS_RO_NAME );
187
+ fprintf (stderr ,
188
+ "* %s: list of paths allowed to be used in a read-write way.\n" ,
189
+ ENV_FS_RW_NAME );
190
+ fprintf (stderr ,
191
+ "\nexample:\n"
192
+ "%s=\"/bin:/lib:/usr:/proc:/etc:/dev/urandom\" "
193
+ "%s=\"/dev/null:/dev/full:/dev/zero:/dev/pts:/tmp\" "
194
+ "%s bash -i\n" ,
195
+ ENV_FS_RO_NAME , ENV_FS_RW_NAME , argv [0 ]);
192
196
return 1 ;
193
197
}
194
198
195
- ruleset_fd = landlock_create_ruleset (& ruleset_attr , sizeof (ruleset_attr ), 0 );
199
+ ruleset_fd =
200
+ landlock_create_ruleset (& ruleset_attr , sizeof (ruleset_attr ), 0 );
196
201
if (ruleset_fd < 0 ) {
197
202
const int err = errno ;
198
203
199
204
perror ("Failed to create a ruleset" );
200
205
switch (err ) {
201
206
case ENOSYS :
202
- fprintf (stderr , "Hint: Landlock is not supported by the current kernel. "
203
- "To support it, build the kernel with "
204
- "CONFIG_SECURITY_LANDLOCK=y and prepend "
205
- "\"landlock,\" to the content of CONFIG_LSM.\n" );
207
+ fprintf (stderr ,
208
+ "Hint: Landlock is not supported by the current kernel. "
209
+ "To support it, build the kernel with "
210
+ "CONFIG_SECURITY_LANDLOCK=y and prepend "
211
+ "\"landlock,\" to the content of CONFIG_LSM.\n" );
206
212
break ;
207
213
case EOPNOTSUPP :
208
- fprintf (stderr , "Hint: Landlock is currently disabled. "
209
- "It can be enabled in the kernel configuration by "
210
- "prepending \"landlock,\" to the content of CONFIG_LSM, "
211
- "or at boot time by setting the same content to the "
212
- "\"lsm\" kernel parameter.\n" );
214
+ fprintf (stderr ,
215
+ "Hint: Landlock is currently disabled. "
216
+ "It can be enabled in the kernel configuration by "
217
+ "prepending \"landlock,\" to the content of CONFIG_LSM, "
218
+ "or at boot time by setting the same content to the "
219
+ "\"lsm\" kernel parameter.\n" );
213
220
break ;
214
221
}
215
222
return 1 ;
216
223
}
217
224
if (populate_ruleset (ENV_FS_RO_NAME , ruleset_fd ,
218
- ACCESS_FS_ROUGHLY_READ )) {
225
+ ACCESS_FS_ROUGHLY_READ )) {
219
226
goto err_close_ruleset ;
220
227
}
221
228
if (populate_ruleset (ENV_FS_RW_NAME , ruleset_fd ,
222
- ACCESS_FS_ROUGHLY_READ | ACCESS_FS_ROUGHLY_WRITE )) {
229
+ ACCESS_FS_ROUGHLY_READ |
230
+ ACCESS_FS_ROUGHLY_WRITE )) {
223
231
goto err_close_ruleset ;
224
232
}
225
233
if (prctl (PR_SET_NO_NEW_PRIVS , 1 , 0 , 0 , 0 )) {
@@ -236,7 +244,7 @@ int main(const int argc, char *const argv[], char *const *const envp)
236
244
cmd_argv = argv + 1 ;
237
245
execvpe (cmd_path , cmd_argv , envp );
238
246
fprintf (stderr , "Failed to execute \"%s\": %s\n" , cmd_path ,
239
- strerror (errno ));
247
+ strerror (errno ));
240
248
fprintf (stderr , "Hint: access to the binary, the interpreter or "
241
249
"shared libraries may be denied.\n" );
242
250
return 1 ;