BUG(go-landlock) visible when adding non-file access rights on files #26

Open
gnoack opened this issue Nov 8, 2023 · 1 comment
gnoack commented Nov 8, 2023

When using non-file access rights on files (rather than directories),
it is possible to get go-landlock to return a BUG(go-landlock) error.

This is unintended and should be fixed.

Reported by https://www.reddit.com/user/ikmckenz/ on https://www.reddit.com/r/linuxquestions/comments/17qg6fj/give_landlock_access_to_devnull_properly/

@ikmckenz

Example:

```go
package main

import (
	"fmt"
	"github.com/landlock-lsm/go-landlock/landlock"
)

func main() {
	// 0b1111111111111 sets the 13 lowest access-right bits (execute through
	// make_sym), including rights that only apply to directories.
	err := landlock.V3.BestEffort().RestrictPaths(
		landlock.PathAccess(0b1111111111111, "/dev/null"),
	)
	if err != nil {
		fmt.Println(err)
	}
}
```

Returns:

```
populating ruleset for "/dev/null" with access {execute,write_file,read_file,read_dir,remove_dir,remove_file,make_char,make_dir,make_reg,make_sock,make_fifo,make_block,make_sym}: landlock_add_rule: BUG(go-landlock): This should not have happened: invalid flags, or inconsistent access in the rule: invalid argument
```

@gnoack gnoack self-assigned this Nov 18, 2023