Günther Noack
The TCP bind() and connect() patch set came with kernel documentation, but we missed updating the man pages altogether -- @BoardzMaster is that something you would look into?
Man page documentation for IOCTL support. Similar to https://github.com/landlock-lsm/linux/issues/32
As remarked by @thejh in https://lore.kernel.org/linux-security-module/CAG48ez3NvVnonOqKH4oRwRqbSOLO0p9djBqgvxVwn6gtGQBPcw@mail.gmail.com/ -- establishing a connection to a named Unix Domain Socket is done through *connect*(2), passing the filename in the `struct sockaddr`, and that is...
We've been inconsistently using EXPECT and ASSERT in Landlock's selftests, especially for teardown. (fs_test.c uses `ASSERT_EQ(0, close(fd))` whereas net_test.c uses `EXPECT_EQ(0, close(fd))` everywhere). I personally prefer to use ASSERT in...
https://github.com/pufferffish/wireproxy/blob/master/cmd/wireproxy/main.go#L133 Please update the Landlock library use in this project - the version you are using has a known bug: https://github.com/landlock-lsm/go-landlock/security/advisories/GHSA-vv6c-69r6-chg9 P.S. (Without understanding all details of how you do...
Landlock V6's signal scoping support conflicts with the way that Landlock policies are currently getting enabled in Go-Landlock. Policy enablement in Landlock is only possible at the per-thread level, and...
Landlock V6's IPC scoping features by @tahifahimi make it possible to restrict the use of Unix signals and Abstract Unix Domain Sockets from less-privileged to more-privileged Landlock domains. Unfortunately this...
This adds Go-Landlock support for Scoped access rights for IPC between processes, which were added by @tahifahimi in https://lore.kernel.org/all/[email protected]/ and https://lore.kernel.org/all/[email protected]/ ## Known bug about IPC between goroutines A noteworthy...