Introduce Landlock isolation support #816
fcfa50c to c61742d
Depends on #814.
We need to move the
TODO: Investigate
c61742d to ae44e0d
My approach to the problem of "not being able to whitelist files that don't exist yet" is just whitelisting the parent directory and letting UhyveFileMap contain file operations to that one specific file only (in the whitelisted directory). We do that by iterating over the file's parents and establishing whether they exist, once - but this could be made configurable, and it should be fine if we disclose to the user that whitelisting directories is safer. However, whitelisting a directory is not always practical, because we can't map the entirety of
The change incorporates some changes from #844.
hermit-os/kernel#1529 is now a hard requirement for this change. CC: @mkroening
no idea why fs-related integration tests work locally but fail in the CI, will investigate later
Ported from hermit-os#816, fixes a regression introduced by hermit-os/kernel#1529, which modified the Hermit kernel so that it uses absolute paths instead of relative ones.
This PR includes work that was split into separate PRs, #844 and #852, which should probably be merged first. This PR relies on hermit-os/kernel#1529. It includes some changes to our tests that reflect the changes made in hermit-os/kernel#1529.
6f3660e to 20f56b7
Enabled by default on Linux. Managed by the class UhyveLandlockWrapper, Landlock is enforced after all paths that it requires to function are enumerated in UhyveVm::new, right before the kernel is loaded in UhyveVm::load_kernel. Some tests were modified accordingly, as UhyveVm objects can't be reused.
20f56b7 to c045ed7
@@ -50,7 +50,7 @@ pub fn run_simple_vm(kernel_path: PathBuf) -> VmResult { | |||
println!("Launching kernel {}", kernel_path.display()); | |||
let params = Params { | |||
cpu_count: 2.try_into().unwrap(), | |||
memory_size: Byte::from_u64_with_unit(32, Unit::MiB) | |||
memory_size: Byte::from_u64_with_unit(128, Unit::MiB) |
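Review bot: the memory_size change from 32 MiB to 128 MiB in run_simple_vm is unrelated to Landlock and is not explained anywhere in the description; either revert it or state in the commit message why the simple test VM now needs the larger allocation, so the change is not mistaken for a leftover from local debugging.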
Leftover.
memory_size: Byte::from_u64_with_unit(32, Unit::MiB) | ||
.unwrap() | ||
.try_into() | ||
.unwrap(), | ||
file_mapping: vec!["foo.txt:wrong.txt".to_string()], | ||
file_mapping: vec!["./foo.txt:/root/dir/wrong.txt".to_string()], |
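Review bot: the new file_mapping value "./foo.txt:/root/dir/wrong.txt" hard-codes the guest path under /root/, which only holds once the kernel uses absolute paths (hermit-os/kernel#1529, named above as a hard requirement); add a comment at this line naming that dependency, or derive the /root/ prefix from one shared constant in the tests, so the coupling to the kernel's root path is documented rather than implicit in a literal.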
We will have to port this PR's changes to the tests as soon as the new kernel release is available, because the new kernel version will use `/root/`/absolute paths.
Leaving this here for now, the most important design problem with this is how Landlock does not allow whitelisting files if they are not created. (So, we'd have to force the user to use a directory for that instead.)
We also need to avoid "parsing" the same `--file-mapping` inputs twice, as well as not using `OnceLock` for enforcing the whitelist when the kernel is actually being loaded. `UhyveVm::new` is called in a new thread because Landlock enforces the restrictions for the entire process and its children. We're not testing if the sandbox is applied correctly yet.
See: https://docs.kernel.org/userspace-api/landlock.html
Fixes #766
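The two passages above about Landlock refusing paths that do not exist yet (the description's "design problem" and the comment on whitelisting the parent directory instead) describe a small algorithm: parse each `host:guest` mapping once, walk the host path's ancestors until one exists, and record whether the grant is the file itself or a wider directory that should be disclosed to the user. The Rust below is an added illustration of that algorithm, not uhyve's code; `FileMapping`, `Target`, `parse_file_mapping`, `landlock_target`, `plan_ruleset` and `directories_to_allow` are hypothetical names, and the block stops at computing what would go into the ruleset. Building and enforcing the actual Landlock ruleset (which the PR does with `UhyveLandlockWrapper`) is not part of it, so it runs on any host.

```rust
use std::path::{Path, PathBuf};

/// One parsed `--file-mapping host:guest` entry. Constructed for this
/// example; it does not reproduce uhyve's UhyveFileMap.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct FileMapping {
    pub host_path: PathBuf,
    pub guest_path: PathBuf,
}

/// What one mapping would contribute to the Landlock ruleset.
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum Target {
    /// The host file already exists: the rule can be as narrow as that file.
    File(PathBuf),
    /// The host file does not exist yet (or the mapping names a directory):
    /// Landlock cannot reference a missing path, so the nearest existing
    /// ancestor directory is allowed and the file-map layer must keep guest
    /// I/O confined to the single mapped path inside it.
    Directory(PathBuf),
}

/// Split `host:guest`. None for a malformed entry (no colon or an empty
/// side) so it is rejected before any rule is derived from it.
pub fn parse_file_mapping(entry: &str) -> Option<FileMapping> {
    let (host, guest) = entry.split_once(':')?;
    if host.is_empty() || guest.is_empty() {
        return None;
    }
    Some(FileMapping {
        host_path: PathBuf::from(host),
        guest_path: PathBuf::from(guest),
    })
}

/// Walk from the mapped host path upwards and stop at the first component
/// that exists. Relative paths are resolved against the current directory
/// first, so the walk ends at `/` at worst. None only if the current
/// directory itself cannot be determined.
pub fn landlock_target(host_path: &Path) -> Option<Target> {
    let absolute = if host_path.is_absolute() {
        host_path.to_path_buf()
    } else {
        std::env::current_dir().ok()?.join(host_path)
    };
    // ancestors() yields the path itself first, then each parent up to `/`.
    let existing = absolute.ancestors().find(|p| p.exists())?.to_path_buf();
    if existing == absolute && existing.is_file() {
        Some(Target::File(existing))
    } else {
        Some(Target::Directory(existing))
    }
}

/// Resolve all mappings once, up front, so the result can be handed to the
/// ruleset builder without parsing the same strings again at kernel load
/// time. Any malformed entry fails the whole plan.
pub fn plan_ruleset(entries: &[&str]) -> Result<Vec<(FileMapping, Target)>, String> {
    entries
        .iter()
        .map(|entry| -> Result<(FileMapping, Target), String> {
            let mapping = parse_file_mapping(entry)
                .ok_or_else(|| format!("malformed file mapping: {entry:?}"))?;
            let target = landlock_target(&mapping.host_path)
                .ok_or_else(|| format!("cannot resolve host path in {entry:?}"))?;
            Ok((mapping, target))
        })
        .collect()
}

/// Directories that would be granted as a whole, deduplicated: the grants
/// wider than a single file, i.e. what to disclose to the user before the
/// sandbox is enforced.
pub fn directories_to_allow(plan: &[(FileMapping, Target)]) -> Vec<PathBuf> {
    let mut dirs: Vec<PathBuf> = plan
        .iter()
        .filter_map(|(_, target)| match target {
            Target::Directory(dir) => Some(dir.clone()),
            Target::File(_) => None,
        })
        .collect();
    dirs.sort();
    dirs.dedup();
    dirs
}

fn main() {
    // The mapping literal from the PR's own test; foo.txt need not exist.
    match plan_ruleset(&["./foo.txt:/root/dir/wrong.txt"]) {
        Ok(plan) => {
            for (mapping, target) in &plan {
                println!("{} -> {:?}", mapping.host_path.display(), target);
            }
            println!("directory grants: {:?}", directories_to_allow(&plan));
        }
        Err(e) => eprintln!("{e}"),
    }
}
```

Because the walk stops at the first existing ancestor, a mapping whose host file is missing in a deeply nested, not-yet-created directory falls back to the nearest directory that does exist, which is exactly the wider grant the comment above warns about; `directories_to_allow` collects those so they can be shown to the user once, before `restrict_self` would make them permanent for the process and its children.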