Landlock Security Module Able To Deal With "Weird Files" On Linux 6.14

  • phoronix
    Administrator
    • Jan 2007
    • 67332

    Phoronix: Landlock Security Module Able To Deal With "Weird Files" On Linux 6.14

    The Landlock Linux security module that was added to the mainline Linux kernel four years ago for unprivileged application sandboxing and similar access controls has a rather weird update for the in-development Linux 6.14 kernel: Landlock can now deal with "weird files"...

  • ayumu
    Senior Member
    • Oct 2008
    • 661

    #2
    Either reimplement the whole thing with a proper microkernel multiserver architecture, or call panic().

    Why continue to run an obviously corrupted system?


    • aviallon
      Senior Member
      • Dec 2022
      • 292

      #3
      ayumu if your filesystem is corrupted, you probably want to be able to repair it. You certainly don't want to panic.


      • Alexmitter
        Senior Member
        • Mar 2019
        • 1132

        #4
        Originally posted by ayumu
        Either reimplement the whole thing with a proper microkernel multiserver architecture, or call panic().

        Why continue to run an obviously corrupted system?
        A. How exactly would it help if your filesystem is implemented outside the kernel space as per a microkernel multiserver arch if a corruption occurred?
        B. File system corruption can be due to multiple factors, be it bad design and an incompetent developer (e.g. bcachefs) or HW failures. A microkernel would not help here either.
        C. You want to be able to repair a corruption, ideally even transparently.


        • ayumu
          Senior Member
          • Oct 2008
          • 661

          #5
          Originally posted by Alexmitter

          A. How exactly would it help if your filesystem is implemented outside the kernel space as per a microkernel multiserver arch if a corruption occurred?
          That filesystem aside, other filesystems (including other instances of the same code), as well as the rest of the system, could still be trusted.

          B. File system corruption can be due to multiple factors, be it bad design and an incompetent developer (e.g. bcachefs) or HW failures. A microkernel would not help here either.
          There's no silver bullet, but using ECC memory and minimizing TCB like seL4 absolutely helps.


          C. You want to be able to repair a corruption, ideally even transparently.
          Originally posted by aviallon
          ayumu if your filesystem is corrupted, you probably want to be able to repair it. You certainly don't want to panic.

          Yes, ideally. But these "weird files" we're talking about do mean that the filesystem code failed, and since the filesystem code is running with supervisor privileges, the entire system is compromised, and thus we should be calling panic() the moment we notice this, in order to prevent further damage.


          • hoohoo
            Senior Member
            • Dec 2010
            • 476

            #6
            On encountering a weird file it should emulate systemd: rename all the network interfaces, then pause for 3 minutes waiting for the now broken configuration to be applied, then finally reboot to single user mode.
