Support LANDLOCK_ACCESS_FS_IOCTL_DEV access right #29

Closed
gnoack opened this issue Jun 2, 2024 · 0 comments

gnoack commented Jun 2, 2024

Compare https://wiki.gnoack.org/LandlockIoctlSupport

Work underway on the "ioctl" branch.

gnoack added a commit that referenced this issue Jul 15, 2024
Make ioctl(2) requests for device files restrictable with Landlock.

In the Go library, the LANDLOCK_ACCESS_FS_IOCTL_DEV right is *not*
part of the RWFiles and ROFiles convenience functions.

When you upgrade from an earlier ABI version to [landlock.V5], and
when you are restricting all access rights available at this version,
please double check whether your program uses any IOCTLs on device
files.

Some of the simpler IOCTL commands are exempt and are unconditionally
permitted by Landlock.

Fixes: #29
Link: https://lore.kernel.org/linux-security-module/[email protected]/
gnoack added a commit that referenced this issue Jul 15, 2024
Make ioctl(2) requests for device files restrictable with Landlock.

In the Go library, the LANDLOCK_ACCESS_FS_IOCTL_DEV right is *not*
part of the RWFiles and ROFiles convenience functions.

When you upgrade from an earlier ABI version to `landlock.V5`, and
when you are restricting all access rights available at this version,
please double check whether your program uses any IOCTLs on device
files.

Some of the simpler IOCTL commands are exempt and are unconditionally
permitted by Landlock.

Fixes: #29
Link: https://lore.kernel.org/linux-security-module/[email protected]/
@gnoack gnoack closed this as completed in db0c8d6 Jul 15, 2024
gnoack added a commit that referenced this issue Oct 13, 2024
Make ioctl(2) requests for device files restrictable with Landlock.

In the Go library, the LANDLOCK_ACCESS_FS_IOCTL_DEV right is *not*
part of the RWFiles and ROFiles convenience functions.

When you upgrade from an earlier ABI version to `landlock.V5`, and
when you are restricting all access rights available at this version,
please double check whether your program uses any IOCTLs on device
files.

Some of the simpler IOCTL commands are exempt and are unconditionally
permitted by Landlock.  (See the link below.)

Fixes: #29
Link: https://lore.kernel.org/linux-security-module/[email protected]/
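
One way to do the double check the commit message asks for, as an added example (not code from go-landlock or from the commits above): scan a trace of your program for IOCTLs on device files that would need the LANDLOCK_ACCESS_FS_IOCTL_DEV right. It assumes output in the format of `strace -f -y -e trace=ioctl -o FILE`; the function name, the sample trace and the `/dev` path heuristic are hypothetical, and the exempt list is a non-exhaustive subset.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// Constructed sample of `strace -f -y -e trace=ioctl` output (not from the page).
const sampleTrace = `1234 ioctl(0</dev/pts/3>, TCGETS, {B38400 opost isig icanon echo ...}) = 0
1234 ioctl(3</dev/tty>, TIOCGWINSZ, {ws_row=40, ws_col=120, ws_xpixel=0, ws_ypixel=0}) = 0
1234 ioctl(3</dev/tty>, FIONBIO, [1]) = 0
1235 ioctl(4</home/user/data.bin>, FIONREAD, [0]) = 0
1235 ioctl(5</dev/shm/cache>, FIONREAD, [0]) = 0
1235 ioctl(6</dev/tty>, TIOCGWINSZ, 0x7ffd1c2a) = -1 EACCES (Permission denied)
`

// Always-permitted commands: non-exhaustive subset (assumption, from kernel docs).
var exempt = map[string]bool{"FIOCLEX": true, "FIONCLEX": true, "FIONBIO": true, "FIOASYNC": true}

// Matches an ioctl line whose fd strace -y annotated with a path under /dev.
var ioctlRe = regexp.MustCompile(`^(?:\d+\s+)?ioctl\(\d+<(/dev/[^<>]+)>, ([A-Z_a-z0-9]+)`)

// AuditTrace returns the distinct "path command" pairs for non-exempt ioctls on
// /dev paths, sorted: the calls that need LANDLOCK_ACCESS_FS_IOCTL_DEV granted.
func AuditTrace(trace string) []string {
	seen := map[string]bool{}
	for _, line := range strings.Split(trace, "\n") {
		m := ioctlRe.FindStringSubmatch(line)
		// /dev/shm normally holds regular files, which IOCTL_DEV does not cover.
		if m == nil || strings.HasPrefix(m[1], "/dev/shm/") || exempt[m[2]] {
			continue
		}
		seen[m[1]+" "+m[2]] = true
	}
	out := make([]string, 0, len(seen))
	for k := range seen {
		out = append(out, k)
	}
	sort.Strings(out)
	return out
}

func main() {
	for _, f := range AuditTrace(sampleTrace) {
		fmt.Println(f, "needs LANDLOCK_ACCESS_FS_IOCTL_DEV in its rule")
	}
}
```

An empty result on a representative trace suggests the program can handle the new right at V5 without extra rules; each reported pair is a device path whose rule must grant it.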