From: Alyssa Ross
To: Demi Marie Obenour
Cc: Spectrum OS Development
Subject: Re: [PATCH] host/roots: Sandbox xdg-desktop-portal-spectrum-host
In-Reply-To: <20251212-sandbox-dbus-portal-v1-1-522705202482@gmail.com>
References: <20251212-sandbox-dbus-portal-v1-1-522705202482@gmail.com>
Date: Sat, 13 Dec 2025 20:12:53 +0100
Message-ID: <87o6o25h6y.fsf@alyssa.is>

Demi Marie Obenour writes:

> It is quite possible that these Landlock rules are unnecessarily
> permissive, but all of the paths to which read and execute access is
> granted are part of the root filesystem and therefore assumed to be
> public knowledge. Removing access from any of them would only increase
> the risk of accidental breakage in the future, and would not provide any
> security improvements. seccomp *could* provide some improvements, but
> the effort needed is too high for now.
>
> Signed-off-by: Demi Marie Obenour
> ---
>  .../template/data/service/xdg-desktop-portal-spectrum-host/run | 8 ++++++++
>  1 file changed, 8 insertions(+)

Are you sure this is working as intended? There's no rule allowing
access to Cloud Hypervisor's VSOCK socket, and yet it still seems to be
able to access that. Don't you need to set a rule that *restricts*
filesystem access and then add holes? Did you ever see this deny
anything?

And wouldn't it make more sense to implement this inside the program
itself, since it's code we control that will only ever run on Spectrum?
That way it could even drop privileges after they're no longer needed,
perhaps. There's a nice landlock Rust crate that's already used by
Cloud Hypervisor.

> diff --git a/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/xdg-desktop-portal-spectrum-host/run b/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/xdg-desktop-portal-spectrum-host/run
> index d2bf78cefc3837b5d5369dbab819606e71bf1fc5..c3d67b6520d490c71bdce0f1056b2960115108b3 100755
> --- a/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/xdg-desktop-portal-spectrum-host/run
> +++ b/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/xdg-desktop-portal-spectrum-host/run
> @@ -12,4 +12,12 @@ s6-ipcserver-socketbinder -a 0700 /run/vm/by-id/${VM}/vsock_219
>  if { fdmove 1 3 echo }
>  fdclose 3
>  
> +unshare -inu --
> +setpriv
> + --landlock-access fs
> + --landlock-rule path-beneath:read-file,execute:/nix/store
> + --landlock-rule path-beneath:read-file,execute:/usr/bin
> + --landlock-rule path-beneath:read-file,execute:/usr/lib
> + --landlock-rule path-beneath:read-file:/run/vm/by-id/${VM}/portal-bus
> + --
>  xdg-desktop-portal-spectrum-host
>
> ---
> base-commit: 59cda41acc455513cf9936e99b8d97647955ac07
> change-id: 20251212-sandbox-dbus-portal-4f98ba29c23a
>
> -- 
> Sincerely,
> Demi Marie Obenour (she/her/hers)
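Review bot: the hunk cannot show on its own that the ruleset is enforced, and the VSOCK behaviour asked about in the reply is expected: the `@@` context line `s6-ipcserver-socketbinder -a 0700 /run/vm/by-id/${VM}/vsock_219` binds that socket before the new `unshare`/`setpriv` lines run, so the service inherits it as an already-open file descriptor and never performs a path-based open on it, and Landlock only mediates new operations such as open(2), not I/O on descriptors that were open before `landlock_restrict_self`. Before merging, confirm the sandbox bites by having the confined service (or a one-off `setpriv` run with the same `--landlock-access fs` and four `--landlock-rule` lines) try to open a file outside /nix/store, /usr/bin, /usr/lib and `/run/vm/by-id/${VM}/portal-bus`, and check that the open fails with EACCES. One caveat on the rules as written: `read-file` covers opening files for reading but not listing a directory, so if the program ever needs to enumerate anything beneath these trees that access will need to be granted separately.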
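A probe for the two questions raised in the reply above (does the Landlock ruleset deny anything, and why does a socket opened earlier keep working), written as an added example and not taken from the patch, Spectrum OS or Cloud Hypervisor. It applies a Landlock ruleset from inside the program with the raw Linux syscalls, which is what the landlock Rust crate mentioned in the reply wraps, after one descriptor has been opened and before forking; the sandboxed child then checks that the pre-opened descriptor is still readable, that an open beneath the allowed directory succeeds, and that an open outside it fails with EACCES. The scratch directory, file names, the `landlock_restrict_to` and `landlock_probe` helpers and the `PROBE_*` result codes are this example's own inventions.

```c
/* Added example (not Spectrum OS or Cloud Hypervisor code): confine the
 * process with Landlock via the raw syscalls and probe what it restricts. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/wait.h>

#if defined(__has_include)
#  if __has_include(<linux/landlock.h>)
#    include <linux/landlock.h>
#  endif
#endif
/* Fallback for toolchains without the Landlock UAPI header; values match the
 * kernel's include/uapi/linux/landlock.h (ABI v1 file-system rights). */
#ifndef LANDLOCK_CREATE_RULESET_VERSION
struct landlock_ruleset_attr { uint64_t handled_access_fs; };
struct landlock_path_beneath_attr { uint64_t allowed_access; int32_t parent_fd; } __attribute__((packed));
enum landlock_rule_type { LANDLOCK_RULE_PATH_BENEATH = 1 };
#define LANDLOCK_ACCESS_FS_EXECUTE   (1ULL << 0)
#define LANDLOCK_ACCESS_FS_READ_FILE (1ULL << 2)
#define LANDLOCK_ACCESS_FS_READ_DIR  (1ULL << 3)
#endif
#ifndef __NR_landlock_create_ruleset
#define __NR_landlock_create_ruleset 444
#define __NR_landlock_add_rule       445
#define __NR_landlock_restrict_self  446
#endif

/* All file-system rights of Landlock ABI v1 (bits 0..12): handling every one
 * of them makes the ruleset deny whatever no rule explicitly allows. */
#define HANDLED_FS_V1 ((1ULL << 13) - 1)

enum {                                   /* probe result bits, chosen for this example */
    PROBE_INHERITED_FD_OK     = 1 << 0,  /* read() on a descriptor opened before restrict_self */
    PROBE_ALLOWED_OPEN_OK     = 1 << 1,  /* open() beneath the allowed directory */
    PROBE_DENIED_OPEN_REFUSED = 1 << 2,  /* open() elsewhere fails with EACCES */
    PROBE_EXPECTED = PROBE_INHERITED_FD_OK | PROBE_ALLOWED_OPEN_OK | PROBE_DENIED_OPEN_REFUSED,
    PROBE_UNSUPPORTED  = 64,             /* kernel without (enabled) Landlock */
    PROBE_SETUP_FAILED = 65,
};

/* Confine the calling thread to `access` beneath `dir` and nothing else.
 * Returns 0 on success, -2 if the kernel has no Landlock, -1 otherwise. */
static int landlock_restrict_to(const char *dir, uint64_t access) {
    struct landlock_ruleset_attr attr = { .handled_access_fs = HANDLED_FS_V1 };
    int ruleset_fd = syscall(__NR_landlock_create_ruleset, &attr, sizeof attr, 0);
    if (ruleset_fd < 0)
        return -2;                       /* ENOSYS, EOPNOTSUPP or blocked by seccomp */
    struct landlock_path_beneath_attr rule = {
        .allowed_access = access, .parent_fd = open(dir, O_PATH | O_CLOEXEC) };
    int rc = -1;
    if (rule.parent_fd >= 0 &&
        syscall(__NR_landlock_add_rule, ruleset_fd, LANDLOCK_RULE_PATH_BENEATH, &rule, 0) == 0 &&
        prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == 0 &&   /* restrict_self requires no_new_privs */
        syscall(__NR_landlock_restrict_self, ruleset_fd, 0) == 0)
        rc = 0;
    if (rule.parent_fd >= 0) close(rule.parent_fd);
    close(ruleset_fd);
    return rc;
}

static int write_text(const char *path, const char *text) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC, 0600);
    if (fd < 0) return -1;
    ssize_t n = write(fd, text, strlen(text));
    close(fd);
    return n == (ssize_t)strlen(text) ? 0 : -1;
}

/* Build a constructed scratch tree, open one file before sandboxing (it plays
 * the role of the inherited socket), then fork a child that sandboxes itself
 * and reports what it can still do. Returns a PROBE_* value. */
int landlock_probe(void) {
    char root[256], allowed[512], denied[512], a_txt[512], b_txt[512];
    const char *tmp = getenv("TMPDIR");
    snprintf(root, sizeof root, "%s/landlock-probe-XXXXXX", tmp ? tmp : "/tmp");
    if (!mkdtemp(root)) return PROBE_SETUP_FAILED;
    snprintf(allowed, sizeof allowed, "%s/allowed", root);
    snprintf(denied,  sizeof denied,  "%s/denied",  root);
    snprintf(a_txt,   sizeof a_txt,   "%s/allowed/a.txt", root);
    snprintf(b_txt,   sizeof b_txt,   "%s/denied/b.txt",  root);

    int result = PROBE_SETUP_FAILED, pre_fd = -1;
    if (mkdir(allowed, 0700) == 0 && mkdir(denied, 0700) == 0 &&
        write_text(a_txt, "allowed\n") == 0 && write_text(b_txt, "denied\n") == 0 &&
        (pre_fd = open(b_txt, O_RDONLY)) >= 0) {
        pid_t pid = fork();
        if (pid == 0) {
            int rc = landlock_restrict_to(allowed, LANDLOCK_ACCESS_FS_READ_FILE |
                                          LANDLOCK_ACCESS_FS_READ_DIR | LANDLOCK_ACCESS_FS_EXECUTE);
            if (rc != 0) _exit(rc == -2 ? PROBE_UNSUPPORTED : PROBE_SETUP_FAILED);
            int bits = 0, fd;
            char buf[8];
            if (read(pre_fd, buf, sizeof buf) > 0) bits |= PROBE_INHERITED_FD_OK;  /* not mediated */
            if ((fd = open(a_txt, O_RDONLY)) >= 0) { bits |= PROBE_ALLOWED_OPEN_OK; close(fd); }
            if ((fd = open(b_txt, O_RDONLY)) < 0 && errno == EACCES) bits |= PROBE_DENIED_OPEN_REFUSED;
            else if (fd >= 0) close(fd);
            _exit(bits);
        } else if (pid > 0) {
            int status = 0;
            if (waitpid(pid, &status, 0) == pid && WIFEXITED(status)) result = WEXITSTATUS(status);
        }
    }
    if (pre_fd >= 0) close(pre_fd);
    unlink(a_txt); unlink(b_txt); rmdir(allowed); rmdir(denied); rmdir(root);
    return result;
}

int main(void) {
    int r = landlock_probe();
    if (r == PROBE_UNSUPPORTED) { fputs("Landlock is not available on this kernel\n", stderr); return 2; }
    printf("probe bits 0x%x (expected 0x%x)\n", r, PROBE_EXPECTED);
    return r == PROBE_EXPECTED ? 0 : 1;
}
```

Run it as an ordinary user on a kernel with Landlock enabled (5.13 or later, built with CONFIG_SECURITY_LANDLOCK and with landlock in the active LSM list); where Landlock is absent it exits with 2 instead of reporting a false pass. The pattern it shows, open the descriptors the service needs and only then call `landlock_restrict_self` so that every later path-based open is refused, is what moving the sandbox into the service itself would make possible, and the same inheritance is why a socket bound before the sandbox is applied keeps working without any rule for it.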