Hide Config.handledAccessFS again, and make it settable through a con…
…structor. The test in `tests/customconfig/config_test.go` has a usage example. Fixes #12.
Showing
6 changed files
with
125 additions
and
33 deletions.
|
@@ -31,24 +31,57 @@ const ( | |
var ( | ||
// Landlock V1 support (basic file operations). | ||
V1 = Config{ | ||
HandledAccessFS: abiInfos[1].supportedAccessFS, | ||
handledAccessFS: abiInfos[1].supportedAccessFS, | ||
} | ||
) | ||
|
||
// The Landlock configuration describes the desired set of | ||
// landlockable operations to be restricted and the constraints on it | ||
// (e.g. best effort mode). | ||
type Config struct { | ||
// File system operations to restrict when enabling Landlock. | ||
// Needs to stay within the bounds of what go-landlock supports. | ||
HandledAccessFS AccessFSSet | ||
handledAccessFS AccessFSSet | ||
bestEffort bool | ||
} | ||
|
||
// NewConfig creates a new Landlock configuration with the given parameters. | ||
// | ||
// Passing an AccessFSSet will set that as the set of file system | ||
// operations to restrict when enabling Landlock. The AccessFSSet | ||
// needs to stay within the bounds of what go-landlock supports. | ||
func NewConfig(args ...interface{}) (*Config, error) { | ||
// Implementation note: This factory is written with future | ||
// extensibility in mind. Only specific types are supported as | ||
// input, but in the future more might be added. | ||
var c Config | ||
for _, arg := range args { | ||
if afs, ok := arg.(AccessFSSet); ok { | ||
if !c.handledAccessFS.isEmpty() { | ||
return nil, errors.New("only one AccessFSSet may be provided") | ||
} | ||
if !afs.valid() { | ||
return nil, errors.New("unsupported AccessFSSet value; upgrade go-landlock?") | ||
} | ||
c.handledAccessFS = afs | ||
} else { | ||
return nil, fmt.Errorf("unknown argument %v; only AccessFSSet-type argument is supported", arg) | ||
} | ||
} | ||
return &c, nil | ||
} | ||
|
||
// MustConfig is like NewConfig but panics on error. | ||
func MustConfig(args ...interface{}) Config { | ||
gnoack
Author
Collaborator
|
||
c, err := NewConfig(args...) | ||
if err != nil { | ||
panic(err) | ||
} | ||
return *c | ||
} | ||
|
||
// validate returns success when the given config is supported by | ||
// go-landlock. (It may still be unsupported by your kernel though.) | ||
func (c Config) validate() error { | ||
if !c.HandledAccessFS.valid() { | ||
if !c.handledAccessFS.valid() { | ||
return errors.New("unsupported HandledAccessFS value") | ||
} | ||
return nil | ||
|
@@ -58,13 +91,13 @@ func (c Config) validate() error { | |
func (c Config) String() string { | ||
abi := abiInfo{version: -1} // invalid | ||
for _, a := range abiInfos { | ||
if c.HandledAccessFS.isSubset(a.supportedAccessFS) { | ||
if c.handledAccessFS.isSubset(a.supportedAccessFS) { | ||
abi = a | ||
} | ||
} | ||
|
||
var desc = c.HandledAccessFS.String() | ||
if abi.supportedAccessFS == c.HandledAccessFS { | ||
var desc = c.handledAccessFS.String() | ||
if abi.supportedAccessFS == c.handledAccessFS { | ||
desc = "all" | ||
} | ||
|
||
|
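Review bot: In NewConfig the duplicate check `if !c.handledAccessFS.isEmpty()` treats the empty set as "not yet provided", so an empty AccessFSSet passed first is not counted and a second set is then accepted without error. For the same reason `NewConfig()` with no arguments, or with only an empty set, returns a Config that handles no access rights, assuming `valid()` (defined outside the hunk) accepts the empty set. In a sandboxing API that result is easy to mistake for a working restriction. Tracking the argument explicitly, e.g. `seen := false` before the loop and `if seen { return nil, errors.New("only one AccessFSSet may be provided") }`, and returning a separate error for an empty set, would make both cases fail loudly. The unknown-argument error could also print `%T` next to `%v` so the caller sees the offending type.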
@@ -0,0 +1,43 @@ | ||
package landlock_test | ||
|
||
import ( | ||
"os" | ||
"testing" | ||
|
||
"github.com/landlock-lsm/go-landlock/landlock" | ||
ll "github.com/landlock-lsm/go-landlock/landlock/syscall" | ||
) | ||
|
||
// True if the given path can be opened for reading. | ||
func canAccess(path string) bool { | ||
f, err := os.Open(path) | ||
if err != nil { | ||
return false | ||
} | ||
defer f.Close() | ||
return true | ||
} | ||
|
||
func TestCustomConfig(t *testing.T) { | ||
if !canAccess("/etc/passwd") { | ||
t.Skipf("expected normal accesses to /etc/passwd to work") | ||
} | ||
|
||
if !canAccess("/etc/group") { | ||
t.Skipf("expected normal accesses to /etc/group to work") | ||
} | ||
|
||
readFile := landlock.AccessFSSet(ll.AccessFSReadFile) | ||
if err := landlock.MustConfig(readFile).RestrictPaths( | ||
landlock.PathAccess(readFile, "/etc/passwd"), | ||
); err != nil { | ||
t.Fatalf("Could not restrict paths: %v", err) | ||
} | ||
|
||
if !canAccess("/etc/passwd") { | ||
t.Error("expected to have read access to /etc/passwd, but didn't") | ||
} | ||
if canAccess("/etc/group") { | ||
t.Error("expected to have NO read access to /etc/group, but did") | ||
} | ||
} |
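Review bot: The restriction that TestCustomConfig applies through `RestrictPaths` is never undone, and a Landlock ruleset cannot be lifted once it is enforced, so any test that later runs in the same test binary would inherit a sandbox that only permits reading /etc/passwd. A comment above the test would keep that constraint visible, e.g. `// This test sandboxes the whole test process; keep it the only test in this package.` Separately, the config is not put into best-effort mode in this hunk, so on a kernel without Landlock `RestrictPaths` presumably returns an error and the test ends in `t.Fatalf`; skipping in that case would be kinder. The final check also passes on any `os.Open` failure of /etc/group, so having `canAccess` distinguish a permission error (`errors.Is(err, os.ErrPermission)`) would show the denial really came from the sandbox.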
Is there a use case outside of tests to expose
MustConfig
? That seems dangerous for users.