
Permissive mode

Open: l0kod opened this issue 1 year ago • 1 comment

Before enforcing a sandbox on a fleet with potentially different configurations and states, it would be useful to know whether a restriction would have an effect on legitimate use cases. By being able to have a permissive/not-enforcing mode and thanks to #3, telemetry can inform us of all access requests that would have been denied. We can then improve the sandbox configuration and get guarantees that it will not break current workstreams.

This should be configurable with a new LANDLOCK_RESTRICT_SELF_PERMISSIVE flag passed to landlock_restrict_self(). Of course, this flag must only apply to the new domain layer, the inherited restrictions and the future nested restrictions will still be enforced.

l0kod avatar Jan 29 '24 11:01 l0kod
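The semantics proposed in the issue (a new, permissive layer stacked on top of inherited layers that stay enforced, with every would-be denial reported as telemetry) can be illustrated with a small user-space model. The following C program is an added example written for this page; it is not Landlock kernel code and `LANDLOCK_RESTRICT_SELF_PERMISSIVE` is only the flag name proposed in the issue, modelled here as a `permissive` boolean on a layer. The access bits, the path-prefix rule matching and the sample domain are constructed simplifications of the real `LANDLOCK_ACCESS_FS_*` rights and ruleset lookup.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Access rights as a bit mask (simplification of LANDLOCK_ACCESS_FS_*). */
#define ACCESS_READ  (1u << 0)
#define ACCESS_WRITE (1u << 1)
#define ACCESS_EXEC  (1u << 2)

#define MAX_RULES  8
#define MAX_LAYERS 4

struct rule {
    const char *path;      /* directory covered by the rule, including its subtree */
    unsigned int allowed;  /* rights granted beneath that directory */
};

struct layer {
    bool permissive;       /* models the proposed LANDLOCK_RESTRICT_SELF_PERMISSIVE flag */
    size_t nrules;
    struct rule rules[MAX_RULES];
};

/* A domain is the stack of layers a task has accumulated; each layer must allow a request. */
struct domain {
    size_t nlayers;
    struct layer layers[MAX_LAYERS];
};

/* Telemetry the issue asks for: what a permissive layer would have denied. */
struct telemetry {
    unsigned int would_deny;  /* events from permissive layers (reported, not enforced) */
    unsigned int denied;      /* events from enforced layers (actually denied) */
};

/* true if `path` is `dir` itself or lies beneath it. */
static bool path_under(const char *path, const char *dir) {
    size_t n = strlen(dir);
    if (strncmp(path, dir, n) != 0) return false;
    return path[n] == '\0' || path[n] == '/' || (n == 1 && dir[0] == '/');
}

/* Rights one layer grants for `path`: union of every matching rule. */
static unsigned int layer_grants(const struct layer *l, const char *path) {
    unsigned int granted = 0;
    for (size_t i = 0; i < l->nrules; i++)
        if (path_under(path, l->rules[i].path))
            granted |= l->rules[i].allowed;
    return granted;
}

/* Evaluate one request against every layer. An enforced layer that does not
 * grant all requested rights denies the access; a permissive layer only records
 * the event. All layers are visited so telemetry stays complete. */
bool check_access(const struct domain *d, const char *path, unsigned int access,
                  struct telemetry *t) {
    bool allowed = true;
    for (size_t i = 0; i < d->nlayers; i++) {
        const struct layer *l = &d->layers[i];
        if ((layer_grants(l, path) & access) == access) continue;
        if (l->permissive) {
            t->would_deny++;
            printf("layer %zu (permissive): would deny access 0x%x to %s\n", i, access, path);
        } else {
            t->denied++;
            allowed = false;
        }
    }
    return allowed;
}

/* Constructed sample: an inherited enforced layer plus a new permissive one. */
void build_sample_domain(struct domain *d) {
    memset(d, 0, sizeof(*d));
    d->nlayers = 2;
    /* layer 0: inherited restriction, still enforced as the issue requires */
    d->layers[0].permissive = false;
    d->layers[0].nrules = 2;
    d->layers[0].rules[0] = (struct rule){ "/usr", ACCESS_READ | ACCESS_EXEC };
    d->layers[0].rules[1] = (struct rule){ "/tmp", ACCESS_READ | ACCESS_WRITE };
    /* layer 1: candidate tightening (no /tmp rule), rolled out permissive for telemetry */
    d->layers[1].permissive = true;
    d->layers[1].nrules = 1;
    d->layers[1].rules[0] = (struct rule){ "/usr", ACCESS_READ | ACCESS_EXEC };
}

int main(void) {
    struct domain d;
    struct telemetry t = { 0, 0 };
    build_sample_domain(&d);
    check_access(&d, "/usr/bin/ls", ACCESS_EXEC, &t);   /* allowed by both layers */
    check_access(&d, "/tmp/scratch", ACCESS_WRITE, &t); /* allowed; permissive layer reports */
    check_access(&d, "/etc/shadow", ACCESS_READ, &t);   /* denied by the enforced layer */
    printf("would_deny=%u denied=%u\n", t.would_deny, t.denied);
    return 0;
}
```

The `/tmp` write is the case the issue is about: the new layer would break it, but because that layer is permissive the access succeeds and the event is surfaced, so the rule set can be fixed before the layer is enforced. The `/etc` read shows that a permissive top layer never loosens what an inherited, enforced layer already denies.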

Related to landlock-lsm/rust-landlock#36, but this would be implemented kernel-side. Both implementations are valuable and complementary for different use cases:

  • user space libraries: debugging, testing and telemetry for (unprivileged) app developers;
  • kernel audit: debugging, testing and telemetry for system administrators.

l0kod avatar Feb 21 '24 10:02 l0kod