Commit a17c60e5 authored by Mickaël Salaün

samples/landlock: Don't error out if a file path cannot be opened

Instead of raising a hard error and aborting the sandbox creation,
accept file paths from the LL_FS_RO and LL_FS_RW environment variables
that cannot be opened, and only print a warning.  This makes it easier
to test, for instance with LL_FS_RO="${PATH}:/usr/lib:/lib"

Print that we are going to execute the command in the sandbox before
doing so.

Rename "launch" to "execute", and improve header description.
Reviewed-by: Günther Noack <gnoack@google.com>
Link: https://lore.kernel.org/r/20240307143849.1517218-1-mic@digikod.net
[mic: Improve header description as suggested by Günther]
Signed-off-by: Mickaël Salaün <mic@digikod.net>
parent 63817feb
// SPDX-License-Identifier: BSD-3-Clause // SPDX-License-Identifier: BSD-3-Clause
/* /*
* Simple Landlock sandbox manager able to launch a process restricted by a * Simple Landlock sandbox manager able to execute a process restricted by
* user-defined filesystem access control policy. * user-defined file system and network access control policies.
* *
* Copyright © 2017-2020 Mickaël Salaün <mic@digikod.net> * Copyright © 2017-2020 Mickaël Salaün <mic@digikod.net>
* Copyright © 2020 ANSSI * Copyright © 2020 ANSSI
...@@ -120,9 +120,11 @@ static int populate_ruleset_fs(const char *const env_var, const int ruleset_fd, ...@@ -120,9 +120,11 @@ static int populate_ruleset_fs(const char *const env_var, const int ruleset_fd,
if (path_beneath.parent_fd < 0) { if (path_beneath.parent_fd < 0) {
fprintf(stderr, "Failed to open \"%s\": %s\n", fprintf(stderr, "Failed to open \"%s\": %s\n",
path_list[i], strerror(errno)); path_list[i], strerror(errno));
goto out_free_name; continue;
} }
if (fstat(path_beneath.parent_fd, &statbuf)) { if (fstat(path_beneath.parent_fd, &statbuf)) {
fprintf(stderr, "Failed to stat \"%s\": %s\n",
path_list[i], strerror(errno));
close(path_beneath.parent_fd); close(path_beneath.parent_fd);
goto out_free_name; goto out_free_name;
} }
...@@ -227,7 +229,7 @@ int main(const int argc, char *const argv[], char *const *const envp) ...@@ -227,7 +229,7 @@ int main(const int argc, char *const argv[], char *const *const envp)
ENV_FS_RO_NAME, ENV_FS_RW_NAME, ENV_TCP_BIND_NAME, ENV_FS_RO_NAME, ENV_FS_RW_NAME, ENV_TCP_BIND_NAME,
ENV_TCP_CONNECT_NAME, argv[0]); ENV_TCP_CONNECT_NAME, argv[0]);
fprintf(stderr, fprintf(stderr,
"Launch a command in a restricted environment.\n\n"); "Execute a command in a restricted environment.\n\n");
fprintf(stderr, fprintf(stderr,
"Environment variables containing paths and ports " "Environment variables containing paths and ports "
"each separated by a colon:\n"); "each separated by a colon:\n");
...@@ -248,7 +250,7 @@ int main(const int argc, char *const argv[], char *const *const envp) ...@@ -248,7 +250,7 @@ int main(const int argc, char *const argv[], char *const *const envp)
ENV_TCP_CONNECT_NAME); ENV_TCP_CONNECT_NAME);
fprintf(stderr, fprintf(stderr,
"\nexample:\n" "\nexample:\n"
"%s=\"/bin:/lib:/usr:/proc:/etc:/dev/urandom\" " "%s=\"${PATH}:/lib:/usr:/proc:/etc:/dev/urandom\" "
"%s=\"/dev/null:/dev/full:/dev/zero:/dev/pts:/tmp\" " "%s=\"/dev/null:/dev/full:/dev/zero:/dev/pts:/tmp\" "
"%s=\"9418\" " "%s=\"9418\" "
"%s=\"80:443\" " "%s=\"80:443\" "
...@@ -383,6 +385,7 @@ int main(const int argc, char *const argv[], char *const *const envp) ...@@ -383,6 +385,7 @@ int main(const int argc, char *const argv[], char *const *const envp)
cmd_path = argv[1]; cmd_path = argv[1];
cmd_argv = argv + 1; cmd_argv = argv + 1;
fprintf(stderr, "Executing the sandboxed command...\n");
execvpe(cmd_path, cmd_argv, envp); execvpe(cmd_path, cmd_argv, envp);
fprintf(stderr, "Failed to execute \"%s\": %s\n", cmd_path, fprintf(stderr, "Failed to execute \"%s\": %s\n", cmd_path,
strerror(errno)); strerror(errno));
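Review bot: The open-failure branch in populate_ruleset_fs (hunk at -120,9 +120,11) now warns and `continue`s, so an unresolvable LL_FS_RO/LL_FS_RW entry silently narrows the policy instead of aborting; that is fail-closed, but the message should say the entry is dropped so a typo is not mistaken for an access that was granted, e.g. `fprintf(stderr, "Failed to open \"%s\": %s (skipped)\n", path_list[i], strerror(errno));`. A comment on the `continue` would make the intent explicit: `/* Unusable paths are skipped, not fatal: the sandbox can only get stricter. */`. The fstat failure just below still aborts via out_free_name, which is defensible since fstat on an open fd failing is unexpected, but the asymmetry deserves a sentence in the commit message. Separately, the usage example now seeds LL_FS_RO from `${PATH}`; if PATH contains a relative entry such as `.`, that entry presumably opens successfully and grants read access to the current directory, which the example does not caution about (the open flags are outside this hunk). populate_ruleset_fs begins and ends outside the hunk.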