proposal: syscall: add landlock support on Linux #47049
Comments
Presumably this would be an addition to x/sys/unix, given that the syscall package is frozen:
Ah, I see that os/exec references a syscall struct directly, so I assume you would need additions to both.
Can you propose a specific API to add to the syscall package? As far as I can tell the golandlock package you mention can be implemented entirely outside of the standard library, and we could for example discuss adding it to x/sys/unix. What do we need in syscall? Thanks.
Would it suffice to add to syscall.SysProcAttr the rulesetfd (as an *os.File I guess) and have the child call landlock_restrict_self on that fd?
This proposal has been added to the active column of the proposals project
Ping @illiliti re API questions above.
Sounds good. All other functionality that creates and manages rulesetfd will go into NIT: I suppose rulesetfd should be
It sounds like all we need to do is add
to SysProcAttr? But what about the zero value? 0 is a valid fd and if you have nothing open it's what opening the landlock fd will return. So it sounds like maybe we need
? How often does this arise?
Right.
bool is already used by
Does anyone object to adding to SysProcAttr:
?
Closing this because #49383 is WONTFIX. Very disappointed in Go. Feel free to reopen, but don't expect any contribution from me.
Treating this as retracted, but it seems like we reached a reasonable API change. What we don't know is whether it is good enough in practice or whether anyone needs it. If someone does need it, please feel free to open a new proposal and we can continue this discussion. Thanks. And apologies @illiliti for the requirement.
This proposal has been declined as retracted.
Due to golang policy on fork/exec, I have to double-run myself, set landlock rules and exec into desired executable. This all looks like a dirty hack, especially in terms of library code where you can't simply re-exec yourself. I propose to add native landlock support.
Reference: https://landlock.io
POC implementation: https://github.com/gnoack/golandlock
Example:
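The double-run workaround the proposal describes, as an added example (not code from the issue or from golandlock): the program starts a copy of itself, the copy applies a Landlock ruleset that handles the write-type filesystem rights of Landlock ABI v1 with no allow rules, and then execs the target. The `LANDLOCK_STAGE2` marker, the function names and the choice of ruleset are assumptions made for illustration; the syscall numbers and constants are the Linux UAPI values for amd64 and arm64.

```go
package main

import (
	"log"
	"os"
	"os/exec"
	"runtime"
	"syscall"
	"unsafe"
)

const sysCreateRuleset, sysRestrictSelf = 444, 446 // syscall numbers on amd64 and arm64
const writeRights = 0x1FF2                         // ABI v1 fs rights minus EXECUTE, READ_FILE, READ_DIR
const stageEnv = "LANDLOCK_STAGE2"                 // hypothetical marker selecting stage 2

// sandboxCommand is stage 1: run a copy of this binary that restricts itself, then becomes target.
func sandboxCommand(target string, args ...string) *exec.Cmd {
	cmd := exec.Command("/proc/self/exe", append([]string{target}, args...)...)
	cmd.Env = append(os.Environ(), stageEnv+"=1")
	cmd.Stdin, cmd.Stdout, cmd.Stderr = os.Stdin, os.Stdout, os.Stderr
	return cmd
}

// restrictAndExec is stage 2: deny every write-type filesystem access, then exec target.
func restrictAndExec(target string, argv []string) error {
	runtime.LockOSThread()         // Landlock binds the calling thread; exec must come from it
	handled := uint64(writeRights) // struct landlock_ruleset_attr (ABI v1 layout), no rules added
	fd, _, e := syscall.Syscall(sysCreateRuleset, uintptr(unsafe.Pointer(&handled)), 8, 0)
	if e != 0 {
		return os.NewSyscallError("landlock_create_ruleset", e)
	}
	syscall.Syscall6(syscall.SYS_PRCTL, 38, 1, 0, 0, 0, 0) // PR_SET_NO_NEW_PRIVS, else EPERM below
	if _, _, e = syscall.Syscall(sysRestrictSelf, fd, 0, 0); e != 0 {
		return os.NewSyscallError("landlock_restrict_self", e)
	}
	os.Unsetenv(stageEnv) // do not leak the marker into the target's environment
	return syscall.Exec(target, argv, os.Environ())
}

func main() {
	if len(os.Args) < 2 {
		log.Fatal("usage: prog TARGET [ARGS...]")
	}
	if os.Getenv(stageEnv) != "" {
		log.Fatal(restrictAndExec(os.Args[1], os.Args[1:])) // returns only on failure
	}
	if err := sandboxCommand(os.Args[1], os.Args[2:]...).Run(); err != nil {
		log.Fatal(err)
	}
}
```

Landlock needs Linux 5.13 or later; on a kernel without it, stage 2 reports the syscall error instead of running the target unsandboxed.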