author    Matthieu Buffet <matthieu@buffet.re>  2024-10-19 17:15:34 +0200
committer Mickaël Salaün <mic@digikod.net>      2024-10-22 20:43:43 +0200
commit    53b9d789df983790015ef04b0283ac5a33917cad
tree      bb30d7ae94e5e0a5e0872e02580832ca973fc89f
parent    f51e55a0892bd2030c847d4583c12498bb93f812
samples/landlock: Clarify option parsing behaviour
Clarify the distinction between filesystem variables (mandatory) and all others (optional). For optional variables, explain the difference between unset variables (no access check performed) and empty variables (nothing allowed for lists of allowed paths/ports, or no effect for lists of scopes). List the known LL_SCOPED values and their effect.

Signed-off-by: Matthieu Buffet <matthieu@buffet.re>
Link: https://lore.kernel.org/r/20241019151534.1400605-4-matthieu@buffet.re
[mic: Add a missing colon]
Signed-off-by: Mickaël Salaün <mic@digikod.net>

-rw-r--r--  samples/landlock/sandboxer.c  31
1 file changed, 16 insertions, 15 deletions
diff --git a/samples/landlock/sandboxer.c b/samples/landlock/sandboxer.c
index dba143f62bf5..57565dfd74a2 100644
--- a/samples/landlock/sandboxer.c
+++ b/samples/landlock/sandboxer.c
@@ -296,25 +296,26 @@ out_unset:
/* clang-format off */
static const char help[] =
- "usage: "
- ENV_FS_RO_NAME "=\"...\" "
- ENV_FS_RW_NAME "=\"...\" "
- ENV_TCP_BIND_NAME "=\"...\" "
- ENV_TCP_CONNECT_NAME "=\"...\" "
- ENV_SCOPED_NAME "=\"...\" %1$s <cmd> [args]...\n"
+ "usage: " ENV_FS_RO_NAME "=\"...\" " ENV_FS_RW_NAME "=\"...\" "
+ "[other environment variables] %1$s <cmd> [args]...\n"
"\n"
- "Execute a command in a restricted environment.\n"
+ "Execute the given command in a restricted environment.\n"
+ "Multi-valued settings (lists of ports, paths, scopes) are colon-delimited.\n"
"\n"
- "Environment variables containing paths and ports each separated by a colon:\n"
- "* " ENV_FS_RO_NAME ": list of paths allowed to be used in a read-only way.\n"
- "* " ENV_FS_RW_NAME ": list of paths allowed to be used in a read-write way.\n"
+ "Mandatory settings:\n"
+ "* " ENV_FS_RO_NAME ": paths allowed to be used in a read-only way\n"
+ "* " ENV_FS_RW_NAME ": paths allowed to be used in a read-write way\n"
"\n"
- "Environment variables containing ports are optional and could be skipped.\n"
- "* " ENV_TCP_BIND_NAME ": list of ports allowed to bind (server).\n"
- "* " ENV_TCP_CONNECT_NAME ": list of ports allowed to connect (client).\n"
- "* " ENV_SCOPED_NAME ": list of scoped IPCs.\n"
+ "Optional settings (when not set, their associated access check "
+ "is always allowed, which is different from an empty string which "
+ "means an empty list):\n"
+ "* " ENV_TCP_BIND_NAME ": ports allowed to bind (server)\n"
+ "* " ENV_TCP_CONNECT_NAME ": ports allowed to connect (client)\n"
+ "* " ENV_SCOPED_NAME ": actions denied on the outside of the landlock domain\n"
+ " - \"a\" to restrict opening abstract unix sockets\n"
+ " - \"s\" to restrict sending signals\n"
"\n"
- "example:\n"
+ "Example:\n"
ENV_FS_RO_NAME "=\"${PATH}:/lib:/usr:/proc:/etc:/dev/urandom\" "
ENV_FS_RW_NAME "=\"/dev/null:/dev/full:/dev/zero:/dev/pts:/tmp\" "
ENV_TCP_BIND_NAME "=\"9418\" "
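Review bot: the parenthetical under "Optional settings:" is hard to parse as written ("their associated access check is always allowed"): it is the access that is allowed when the variable is unset, not the check. Suggest rewording to something like "when not set, the corresponding access is not restricted; an empty string instead means an empty list", which also matches the commit message's wording. The commit message further distinguishes an empty port list (nothing allowed) from an empty scope list (no effect), but the help text collapses both into "an empty list"; a short per-entry hint such as "(empty: nothing allowed)" after the two port lines would carry that distinction to the user. Minor style point on the ENV_SCOPED_NAME line: "landlock domain" would read better as "Landlock domain".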