qbit/protect
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

merge into: qbit:master
Branches Tags
qbit:master
qbit:add_landlock
qbit:v1.2.4
qbit:v1.2.3
qbit:v1.2.2
qbit:v1.2.1
qbit:v1.2.0
qbit:v1.1.0
qbit:v1.0.0
qbit:v0.1.0
...
pull from: qbit:add_landlock
Branches Tags
qbit:master
qbit:add_landlock
qbit:v1.2.4
qbit:v1.2.3
qbit:v1.2.2
qbit:v1.2.1
qbit:v1.2.0
qbit:v1.1.0
qbit:v1.0.0
qbit:v0.1.0

3 Commits
master ... add_landlo

Author SHA1 Message Date
Aaron Bieber
2b9c3db652
Fix locking multiple directories 
- stop pretending we are doing anything other than ro/rw
 2023-03-21 09:06:08 -06:00
Aaron Bieber
e433d9038e
Fix linux test 
remove debug lines
 2023-03-21 07:22:37 -06:00
Aaron Bieber
082fa5e918
Add initial bits for landlock. 
Currently not working fully.
 2023-03-21 06:49:24 -06:00
6 changed files with 132 additions and 8 deletions
Show Stats Expand all files Collapse all files

5
go.mod
View File

@ -2,4 +2,7 @@ module suah.dev/protect
go 1.14 go 1.14
require golang.org/x/sys v0.4.0 require (
github.com/landlock-lsm/go-landlock v0.0.0-20230225094210-7a98d7db83f2
golang.org/x/sys v0.6.0
)

9
go.sum
View File

@ -1,2 +1,7 @@
golang.org/x/sys v0.4.0 h1:Zr2JFtRQNX3BCZ8YtxRE9hNJYC8J6I1MVbMg6owUp18= github.com/landlock-lsm/go-landlock v0.0.0-20230225094210-7a98d7db83f2 h1:kTSOM+yiVubrJQI/LJ67EGxYqrqC0C5VkfRurbFg7J4=
golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= github.com/landlock-lsm/go-landlock v0.0.0-20230225094210-7a98d7db83f2/go.mod h1:oCxtVqzP6dNPgAQK+4okeQk9BcxjkttF8MG4DmoT6Sk=
golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
kernel.org/pub/linux/libs/security/libcap/psx v1.2.66 h1:ikIhPzfkSSAEwBOU+2DWhoF+xnGUhvlMTfQjBVhvzQY=
kernel.org/pub/linux/libs/security/libcap/psx v1.2.66/go.mod h1:+l6Ee2F59XiJ2I6WR5ObpC1utCQJZ/VLsEbQCD8RG24=

6
protect.go
View File

@ -12,8 +12,8 @@ import (
"strings" "strings"
) )
// Unveil is a wrapper for OpenBSD's unveil(2). unveil can be used to limit // Unveil is a wrapper for OpenBSD's unveil(2) and Linux's LandLock. Both of
// a processes view of the filesystem. // which are used to limit a processes view of the filesystem.
// //
// The first call to Unveil removes a processes visibility to everything // The first call to Unveil removes a processes visibility to everything
// except 'path'. Any subsequent calls expand the view to contain those // except 'path'. Any subsequent calls expand the view to contain those
@ -45,7 +45,7 @@ func UnveilSet(set map[string]string, block bool) error {
// UnveilBlock locks the Unveil'd paths. Preventing further changes to a // UnveilBlock locks the Unveil'd paths. Preventing further changes to a
// processes filesystem view. // processes filesystem view.
// //
// On non-OpenBSD machines this call is a noop. // On non-OpenBSD,Linux machines this call is a noop.
func UnveilBlock() error { func UnveilBlock() error {
return unveilBlock() return unveilBlock()
} }

68
protect_linux.go Normal file
View File

@ -0,0 +1,68 @@
//go:build linux
// +build linux
package protect
import (
"os"
"github.com/landlock-lsm/go-landlock/landlock"
)
type lands struct {
paths []landlock.PathOpt
}
var landToLock lands
func landAdd(path, flags string) error {
s, err := os.Stat(path)
if err != nil {
return err
}
switch mode := s.Mode(); {
case mode.IsDir():
switch flags {
case "r":
landToLock.paths = append(landToLock.paths, landlock.RODirs(path))
default:
landToLock.paths = append(landToLock.paths, landlock.RWDirs(path))
}
default:
switch flags {
case "r":
landToLock.paths = append(landToLock.paths, landlock.ROFiles(path))
default:
landToLock.paths = append(landToLock.paths, landlock.RWFiles(path))
}
}
return nil
}
func (l lands) landWalk() []landlock.PathOpt {
return l.paths
}
func unveil(path string, flags string) error {
if path == "" {
err := landlock.V3.BestEffort().RestrictPaths()
if err != nil {
return landlock.V2.BestEffort().RestrictPaths()
}
}
return landAdd(path, flags)
}
func unveilBlock() error {
err := landlock.V3.RestrictPaths(landToLock.landWalk()...)
if err != nil {
return landlock.V2.RestrictPaths(landToLock.landWalk()...)
}
return err
}
func pledge(promises string) error {
return nil
}

48
protect_linux_ro_dir_test.go Normal file
View File

@ -0,0 +1,48 @@
package protect
import (
"os"
"path"
"runtime"
"testing"
)
func TestLandlockFileWrite(t *testing.T) {
if runtime.GOOS != "linux" {
t.Skip("Not running on Linux... skipping landlock test")
}
dir, err := os.MkdirTemp("", "landlock")
if err != nil {
t.Fatal(err)
}
defer os.RemoveAll(dir)
unveil(dir, "r")
err = unveilBlock()
if err != nil {
t.Fatal(err)
}
f, err := os.OpenFile(path.Join(dir, "deadbeef"), os.O_RDWR|os.O_CREATE, 0600)
if err == nil {
t.Fatalf("should not have been able to create %q, but was able to do so\n", f.Name())
}
}
func TestLandlockRO(t *testing.T) {
if runtime.GOOS != "linux" {
t.Skip("Not running on Linux... skipping landlock test")
}
unveil("/tmp", "r")
err := unveilBlock()
if err != nil {
t.Fatal(err)
}
f, err := os.CreateTemp("", "landlockTest")
if err == nil {
t.Fatalf("should not have been able to create %q, but was able to do so\n", f.Name())
}
}

4
protect_stubs.go
View File

@ -1,5 +1,5 @@
//go:build !openbsd //go:build !openbsd && !linux
// +build !openbsd // +build !openbsd,!linux
package protect package protect