xz: Landlock: Fix error message if input file is a directory.
If xz is given a directory, it should look like this: $ xz /usr/bin xz: /usr/bin: Is a directory, skipping The Landlock rules didn't allow opening directories for reading: $ xz /usr/bin xz: /usr/bin: Permission denied The simplest fix was to allow opening directories for reading. While it's a bit silly to allow it solely for the error message, it shouldn't make the sandbox significantly weaker. The single-file use case (like when called from GNU tar) is still as strict as possible: all Landlock restrictions are enabled before (de)compression starts.
This commit is contained in:
parent
120da10ae1
commit
de4337fd89
|
@ -224,9 +224,17 @@ sandbox_init(void)
|
|||
// These are all in ABI version 1 already. We don't need truncate
|
||||
// rights because files are created with open() using O_EXCL and
|
||||
// without O_TRUNC.
|
||||
//
|
||||
// LANDLOCK_ACCESS_FS_READ_DIR is included here to get a clear error
|
||||
// message if xz is given a directory name. Without this permission
|
||||
// the message would be "Permission denied" but with this permission
|
||||
// it's "Is a directory, skipping". It could be worked around with
|
||||
// stat()/lstat() but just giving this permission is simpler and
|
||||
// shouldn't make the sandbox much weaker in practice.
|
||||
const uint64_t required_rights
|
||||
= LANDLOCK_ACCESS_FS_WRITE_FILE
|
||||
| LANDLOCK_ACCESS_FS_READ_FILE
|
||||
| LANDLOCK_ACCESS_FS_READ_DIR
|
||||
| LANDLOCK_ACCESS_FS_REMOVE_FILE
|
||||
| LANDLOCK_ACCESS_FS_MAKE_REG;
|
||||
|
||||
|
@ -240,7 +248,9 @@ sandbox_enable_read_only(void)
|
|||
{
|
||||
// We will be opening files for reading but
|
||||
// won't create or remove any files.
|
||||
const uint64_t required_rights = LANDLOCK_ACCESS_FS_READ_FILE;
|
||||
const uint64_t required_rights
|
||||
= LANDLOCK_ACCESS_FS_READ_FILE
|
||||
| LANDLOCK_ACCESS_FS_READ_DIR;
|
||||
enable_landlock(required_rights);
|
||||
return;
|
||||
}
|
||||
|
@ -256,6 +266,9 @@ sandbox_enable_strict_if_allowed(int src_fd lzma_attribute((__unused__)),
|
|||
|
||||
// Allow all restrictions that the kernel supports with the
|
||||
// highest Landlock ABI version that the kernel or xz supports.
|
||||
//
|
||||
// NOTE: LANDLOCK_ACCESS_FS_READ_DIR isn't needed here because
|
||||
// the only input file has already been opened.
|
||||
enable_landlock(0);
|
||||
return;
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue