src: Handle Landlock ABI v3

Add the AccessFs::Truncate right. Signed-off-by: Mickaël Salaün <[email protected]>
landlock-lsm · Aug 30, 2023 · e44d539 · e44d539
1 parent aadd18a
commit e44d539
Show file tree

Hide file tree

Showing 5 changed files with 31 additions and 6 deletions.
diff --git a/examples/sandboxer.rs b/examples/sandboxer.rs
@@ -81,7 +81,7 @@ fn main() -> anyhow::Result<()> {
         anyhow!("Missing command")
     })?;
 
-    let abi = ABI::V2;
+    let abi = ABI::V3;
     let status = Ruleset::new()
         .handle_access(AccessFs::from_all(abi))?
         .create()?

diff --git a/src/compat.rs b/src/compat.rs
@@ -40,6 +40,9 @@ pub enum ABI {
     /// Second Landlock ABI, introduced with
     /// [Linux 5.19](https://git.kernel.org/stable/c/cb44e4f061e16be65b8a16505e121490c66d30d0).
     V2 = 2,
+    /// Third Landlock ABI, introduced with
+    /// [Linux 6.2](https://git.kernel.org/stable/c/299e2b1967578b1442128ba8b3e86ed3427d3651).
+    V3 = 3,
 }
 
 impl ABI {
@@ -64,8 +67,9 @@ impl ABI {
             // all kind of errors as unsupported.
             n if n <= 0 => ABI::Unsupported,
             1 => ABI::V1,
+            2 => ABI::V2,
             // Returns the greatest known ABI.
-            _ => ABI::V2,
+            _ => ABI::V3,
         }
     }
 
@@ -289,7 +293,6 @@ impl Compatibility {
 /// it may be required to error out if some of these features are not available
 /// and will then not be enforced.
 pub trait Compatible: Sized + AsMut<Option<CompatLevel>> {
-    // TODO: Update ruleset_handling_renames() with ABI::V3
     /// To enable a best-effort security approach,
     /// Landlock features that are not supported by the running system
     /// are silently ignored by default,
@@ -359,7 +362,7 @@ pub trait Compatible: Sized + AsMut<Option<CompatLevel>> {
     ///         // However, this ruleset may also handle other (future) access rights
     ///         // if they are supported by the running kernel.
     ///         .set_compatibility(CompatLevel::BestEffort)
-    ///         .handle_access(AccessFs::from_all(ABI::V2))?
+    ///         .handle_access(AccessFs::from_all(ABI::V3))?
     ///         .create()?)
     /// }
     /// ```

diff --git a/src/fs.rs b/src/fs.rs
@@ -81,14 +81,16 @@ pub enum AccessFs {
     MakeSym = uapi::LANDLOCK_ACCESS_FS_MAKE_SYM as u64,
     /// Link or rename a file from or to a different directory.
     Refer = uapi::LANDLOCK_ACCESS_FS_REFER as u64,
+    /// Truncate a file with `truncate(2)`, `ftruncate(2)`, `creat(2)`, or `open(2)` with `O_TRUNC`.
+    Truncate = uapi::LANDLOCK_ACCESS_FS_TRUNCATE as u64,
 }
 
 impl Access for AccessFs {
     // Roughly read (i.e. not all FS actions are handled).
     fn from_read(abi: ABI) -> BitFlags<Self> {
         match abi {
             ABI::Unsupported => BitFlags::EMPTY,
-            ABI::V1 | ABI::V2 => make_bitflags!(AccessFs::{
+            ABI::V1 | ABI::V2 | ABI::V3 => make_bitflags!(AccessFs::{
                 Execute
                 | ReadFile
                 | ReadDir
@@ -113,6 +115,7 @@ impl Access for AccessFs {
                 | MakeSym
             }),
             ABI::V2 => Self::from_write(ABI::V1) | AccessFs::Refer,
+            ABI::V3 => Self::from_write(ABI::V2) | AccessFs::Truncate,
         }
     }
 }
@@ -165,8 +168,10 @@ impl PrivateAccess for AccessFs {
     }
 }
 
+// TODO: Make ACCESS_FILE a property of AccessFs.
+// TODO: Add tests for ACCESS_FILE.
 const ACCESS_FILE: BitFlags<AccessFs> = make_bitflags!(AccessFs::{
-    ReadFile | WriteFile | Execute
+    ReadFile | WriteFile | Execute | Truncate
 });
 
 // XXX: What should we do when a stat call failed?

diff --git a/src/lib.rs b/src/lib.rs
@@ -324,4 +324,20 @@ mod tests {
             false,
         );
     }
+
+    #[test]
+    fn abi_v3_truncate() {
+        check_ruleset_support(
+            ABI::V2,
+            Some(ABI::V3),
+            |ruleset: Ruleset| -> _ {
+                Ok(ruleset
+                    .handle_access(AccessFs::Refer)?
+                    .handle_access(AccessFs::Truncate)?
+                    .create()?
+                    .restrict_self()?)
+            },
+            false,
+        );
+    }
 }
diff --git a/src/uapi/mod.rs b/src/uapi/mod.rs
@@ -24,6 +24,7 @@ pub use self::landlock::{
     LANDLOCK_ACCESS_FS_MAKE_BLOCK,
     LANDLOCK_ACCESS_FS_MAKE_SYM,
     LANDLOCK_ACCESS_FS_REFER,
+    LANDLOCK_ACCESS_FS_TRUNCATE,
     LANDLOCK_CREATE_RULESET_VERSION,
 };