Document that Landlock exceptions are based on fd's #53

Open
mrcnski opened this issue Sep 19, 2023 · 0 comments
Labels
documentation Improvements or additions to documentation

mrcnski commented Sep 19, 2023

Hello again, really appreciate your work on Landlock. Some feedback:

One thing that wasn't clear to me until recently is that Landlock exceptions/whitelists are based on fd's and not paths.

In the sandboxing example and the path_beneath_rules example, paths are used for the exceptions, which can easily lead one to a false impression. It's partially my fault for not digging into the API to find out that it actually fundamentally accepts fd's. But even the add_rules methods do not make this clear; you have to click one more time into Rule.

Is it possible to document somewhere to make this a bit more explicit?

(This bit me recently. I wrote a design which assumed that another process can create new files at the whitelisted paths, and the sandboxed process could access them. Only after implementing it did I find out it didn't work.)

@l0kod l0kod added the documentation Improvements or additions to documentation label Feb 21, 2024
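
The fd-based behaviour raised in this issue, as an added example (not code from the issue or from the project): a C program that calls the raw Landlock syscalls, adds a rule for a directory, swaps a new directory into the same path, and checks which of the two stays readable. The `ll_*`/`LL_*` names restate the kernel's `linux/landlock.h` ABI values, and the scratch directory and file names are constructed for the example.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/prctl.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* ABI values from the kernel's linux/landlock.h, restated so old headers still build. */
enum { LL_CREATE_RULESET = 444, LL_ADD_RULE = 445, LL_RESTRICT_SELF = 446 }; /* syscall numbers */
enum { LL_RULE_PATH_BENEATH = 1, LL_ACCESS_FS_READ_FILE = 1 << 2 };
struct ll_ruleset_attr { uint64_t handled_access_fs; };
struct ll_path_beneath_attr { uint64_t allowed_access; int32_t parent_fd; } __attribute__((packed));
static int touch(const char *p) { int fd = open(p, O_CREAT | O_WRONLY, 0600); return fd < 0 ? -1 : close(fd); }
static int can_read(const char *p) { int fd = open(p, O_RDONLY); return fd < 0 ? 0 : (close(fd), 1); }

/* Returns 0: rule followed the directory inode; 1: it did not; 2: could not run (no Landlock). */
static int child(void) {
    char base[] = "/tmp/ll-fd-demo-XXXXXX"; /* constructed scratch directory */
    if (!mkdtemp(base) || chdir(base) || mkdir("allowed", 0700) || touch("allowed/old.txt")) return 2;
    struct ll_ruleset_attr rs = { .handled_access_fs = LL_ACCESS_FS_READ_FILE };
    int ruleset = (int)syscall(LL_CREATE_RULESET, &rs, sizeof(rs), 0);
    int dirfd = open("allowed", O_PATH | O_CLOEXEC); /* the rule stores what this fd refers to */
    struct ll_path_beneath_attr pb = { .allowed_access = LL_ACCESS_FS_READ_FILE, .parent_fd = dirfd };
    int rc = 2;
    if (ruleset >= 0 && dirfd >= 0 && !syscall(LL_ADD_RULE, ruleset, LL_RULE_PATH_BENEATH, &pb, 0) &&
        /* Swap the directory: the path "allowed" now names a different inode. */
        !rename("allowed", "moved") && !mkdir("allowed", 0700) && !touch("allowed/new.txt") &&
        !prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) && !syscall(LL_RESTRICT_SELF, ruleset, 0))
        rc = (can_read("moved/old.txt") && !can_read("allowed/new.txt")) ? 0 : 1;
    /* Cleanup still works after restriction: only READ_FILE is handled by this ruleset. */
    unlink("allowed/new.txt"); unlink("allowed/old.txt"); unlink("moved/old.txt");
    rmdir("allowed"); rmdir("moved"); if (chdir("/") == 0) rmdir(base);
    return rc;
}

/* Forks first because landlock_restrict_self() cannot be undone in the calling process. */
int landlock_rule_follows_fd(void) {
    int st = 0; pid_t pid = fork();
    if (pid == 0) _exit(child());
    if (pid < 0 || waitpid(pid, &st, 0) < 0 || !WIFEXITED(st)) return 2;
    return WEXITSTATUS(st);
}

int main(void) {
    int r = landlock_rule_follows_fd();
    printf("result=%d (0: rule followed the inode, 2: could not run)\n", r);
    return r == 1;
}
```

On a kernel with Landlock enabled the result is 0: the renamed directory the fd was opened on stays readable, while the directory created afterwards at the original path is denied.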