bboozzoo | 3 months ago
Even the example code builds a somewhat questionable 'sandbox' that hits a problem discussed in those threads. Say we're OK with an app having read-write access to home except for a couple of places such as ~/.ssh. Now you could try to add a rule to exclude access to ~/.ssh, but the security object must exist when the policy is being established (the rules refer to directories by fds). As such, no .ssh directory means no rules denying access. You start a sandboxed app thinking you've set up a tight sandbox, at some point ~/.ssh gets created, and now the untrusted app can read your SSH keys.
razighter777 | 2 months ago
Seems solvable by perhaps storing paths that don't exist yet on the filesystem in Landlock's red-black tree.
A workaround might be creating .ssh ahead of time.
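The pattern the two comments above describe, as an added example that is not code from the article or from either commenter. Landlock rules only ever grant access and each rule is attached to an open file descriptor, so "read-write on HOME except ~/.ssh" has to be built by granting each other entry of HOME individually, and a path that does not exist yet cannot appear in the policy at all (bboozzoo's point). Creating ~/.ssh before the ruleset is built (razighter777's workaround) makes it a real entry the enumeration can deliberately skip. The function names, the use of `HOME`, the ABI v1 access bits and the fallback definitions for toolchains without `<linux/landlock.h>` are this example's own choices; it needs a kernel with Landlock enabled to actually restrict anything.

```c
/* Added example, not code from the article or the commenters above: a Landlock
 * sandbox for "$HOME minus ~/.ssh".  Landlock has no deny rules and every rule
 * is attached to an open fd, so ~/.ssh is left out by granting each other entry
 * of HOME individually, and it is created first (the thread's workaround) so
 * the policy is built against a real object.  ABI v1 access bits only. */
#define _GNU_SOURCE
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>
#if defined(__has_include)
#  if __has_include(<linux/landlock.h>)
#    include <linux/landlock.h>
#  endif
#endif
#ifndef LANDLOCK_ACCESS_FS_EXECUTE  /* fallback copy of the UAPI definitions */
#define LANDLOCK_ACCESS_FS_EXECUTE     (1ULL << 0)
#define LANDLOCK_ACCESS_FS_WRITE_FILE  (1ULL << 1)
#define LANDLOCK_ACCESS_FS_READ_FILE   (1ULL << 2)
#define LANDLOCK_ACCESS_FS_READ_DIR    (1ULL << 3)
#define LANDLOCK_ACCESS_FS_REMOVE_DIR  (1ULL << 4)
#define LANDLOCK_ACCESS_FS_REMOVE_FILE (1ULL << 5)
#define LANDLOCK_ACCESS_FS_MAKE_DIR    (1ULL << 7)
#define LANDLOCK_ACCESS_FS_MAKE_REG    (1ULL << 8)
#define LANDLOCK_ACCESS_FS_MAKE_SYM    (1ULL << 12)
enum landlock_rule_type { LANDLOCK_RULE_PATH_BENEATH = 1 };
struct landlock_ruleset_attr { unsigned long long handled_access_fs; };
struct landlock_path_beneath_attr { unsigned long long allowed_access; int parent_fd; }
    __attribute__((packed));
#endif
#ifndef SYS_landlock_create_ruleset
#define SYS_landlock_create_ruleset 444
#define SYS_landlock_add_rule       445
#define SYS_landlock_restrict_self  446
#endif

#define HANDLED_FS  ((1ULL << 13) - 1)  /* every ABI v1 right: unlisted ones are denied */
#define FILE_RIGHTS (LANDLOCK_ACCESS_FS_EXECUTE | LANDLOCK_ACCESS_FS_WRITE_FILE | \
                     LANDLOCK_ACCESS_FS_READ_FILE)
#define RW_RIGHTS   (FILE_RIGHTS | LANDLOCK_ACCESS_FS_READ_DIR | LANDLOCK_ACCESS_FS_MAKE_DIR | \
                     LANDLOCK_ACCESS_FS_MAKE_REG | LANDLOCK_ACCESS_FS_MAKE_SYM | \
                     LANDLOCK_ACCESS_FS_REMOVE_DIR | LANDLOCK_ACCESS_FS_REMOVE_FILE)

/* Rules refer to objects by fd, so a path that does not exist yet cannot be
 * mentioned in the policy at all: this returns -ENOENT for it. */
static int open_rule_path(const char *path)
{
    int fd = open(path, O_PATH | O_CLOEXEC);
    return fd < 0 ? -errno : fd;
}

static int add_rule(int ruleset_fd, const char *path, unsigned long long rights)
{
    struct landlock_path_beneath_attr attr = { .allowed_access = rights };
    struct stat st;
    int fd = open_rule_path(path), err = 0;
    if (fd < 0)
        return fd;
    if (fstat(fd, &st) == 0 && !S_ISDIR(st.st_mode))
        attr.allowed_access &= FILE_RIGHTS;  /* the kernel rejects directory rights on files */
    attr.parent_fd = fd;
    if (syscall(SYS_landlock_add_rule, ruleset_fd, LANDLOCK_RULE_PATH_BENEATH, &attr, 0))
        err = -errno;
    close(fd);
    return err;
}

/* The workaround from the thread: create the sensitive directory before the
 * policy is built, so the enumeration below sees it and skips it. */
static int ensure_private_dir(const char *path)
{
    return (mkdir(path, 0700) == 0 || errno == EEXIST) ? 0 : -errno;
}

/* Grant read-write on every current entry of `home` except .ssh, then lock the
 * calling process in.  HOME itself is not granted: a rule there would cover
 * ~/.ssh too, and nothing can subtract it afterwards. */
static int build_home_sandbox(const char *home)
{
    char path[PATH_MAX];
    struct dirent *e;
    snprintf(path, sizeof path, "%s/.ssh", home);
    int err = ensure_private_dir(path);
    if (err)
        return err;
    struct landlock_ruleset_attr rs_attr = { .handled_access_fs = HANDLED_FS };
    int rs = syscall(SYS_landlock_create_ruleset, &rs_attr, sizeof rs_attr, 0);
    if (rs < 0)
        return -errno;  /* ENOSYS or EOPNOTSUPP: this kernel has no Landlock */
    DIR *d = opendir(home);
    if (!d) {
        err = -errno;
        close(rs);
        return err;
    }
    while (!err && (e = readdir(d))) {
        if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, "..") || !strcmp(e->d_name, ".ssh"))
            continue;
        snprintf(path, sizeof path, "%s/%s", home, e->d_name);
        err = add_rule(rs, path, RW_RIGHTS);
    }
    closedir(d);
    if (!err && prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0))
        err = -errno;
    if (!err && syscall(SYS_landlock_restrict_self, rs, 0))
        err = -errno;
    close(rs);
    return err;
}

int main(void)
{
    const char *home = getenv("HOME");
    char path[PATH_MAX];
    int err = home ? build_home_sandbox(home) : -EINVAL;
    if (err) {
        fprintf(stderr, "sandbox: %s\n", strerror(-err));
        return 1;
    }
    snprintf(path, sizeof path, "%s/.ssh", home);
    DIR *d = opendir(path);  /* now expected to fail with EACCES, even though it exists */
    printf("opendir(%s): %s\n", path, d ? "allowed (unexpected)" : strerror(errno));
    if (d)
        closedir(d);
    return 0;
}
```

Two consequences of the allow-list model are worth keeping in mind when reading this: the sandboxed process cannot create new top-level entries in HOME at all (HOME itself was never granted), and anything created later underneath one of the granted entries inherits that entry's rights, since the rule is attached to the directory object, not to a path string.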