Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

rwDirs and rwFiles enforces the file hierarchies to be write-only, not read-write #3

Closed
gnoack opened this issue Jul 4, 2021 · 1 comment
Closed

rwDirs and rwFiles enforces the file hierarchies to be write-only, not read-write #3

gnoack opened this issue Jul 4, 2021 · 1 comment

Comments

@gnoack
Copy link
Collaborator

gnoack commented Jul 4, 2021

Restrict is passing the wrong flags to Landlock - the rwDirs and rwFiles should also be readable, according to their name.
@gnoack gnoack mentioned this issue Jul 4, 2021
Closed
gnoack added a commit that referenced this issue Jul 4, 2021
@gnoack
Add golandlock.RestrictPath() to replace golandlock.Restrict().
f6bba12 
Using RestrictPath(), the call is more explicit, arguments are less
easy to mix up, and callers have more flexibility to tweak the
Landlock file system access permissions to the specific use case.
(This commit addresses the "Arguments mixup" and "Flexibility"
concerns from issue #4.)

This commit also fixes bug #3, making read-write paths truly
read-write (and not just writable).

Keep golandlock.Restrict() around for a bit to demonstrate that it's
backwards compatible, but it should disappear before golandlock v1.

Tested manually on VM with the command-line tool.
@gnoack
Copy link
Collaborator Author

gnoack commented Jul 4, 2021

Fixed.

@gnoack gnoack closed this as completed Jul 4, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@gnoack