On 12/13/25 14:12, Alyssa Ross wrote:
> Demi Marie Obenour writes:
>
>> It is quite possible that these Landlock rules are unnecessarily
>> permissive, but all of the paths to which read and execute access is
>> granted are part of the root filesystem and therefore assumed to be
>> public knowledge. Removing access from any of them would only increase
>> the risk of accidental breakage in the future, and would not provide any
>> security improvements. seccomp *could* provide some improvements, but
>> the effort needed is too high for now.
>>
>> Signed-off-by: Demi Marie Obenour
>> ---
>> .../template/data/service/xdg-desktop-portal-spectrum-host/run | 8 ++++++++
>> 1 file changed, 8 insertions(+)
>
> Are you sure this is working as intended? There's no rule allowing
> access to Cloud Hypervisor's VSOCK socket, and yet it still seems to be
> able to access that. Don't you need to set a rule that *restricts*
> filesystem access and then add holes? Did you ever see this deny
> anything?

'man 1 setpriv' states that '--landlock-access fs' blocks all filesystem
access unless a subsequent --landlock-rule permits it. I tried running
with no --landlock-rule flags and the execve of
xdg-desktop-portal-spectrum-host failed as expected.

The socket is passed over stdin, and I'm pretty sure Landlock doesn't
restrict using an already-open file descriptor.
xdg-desktop-portal-spectrum-host does need to find the path to the
socket, but I don't think it ever accesses that path.

> And wouldn't it make more sense to implement this inside the program
> itself, since it's code we control that will only ever run on Spectrum?
> That way it could even drop privileges after they're no longer needed,
> perhaps. There's a nice landlock Rust crate that's already used by
> Cloud Hypervisor.

It definitely does make far more sense to use Landlock from within the
process itself. That should allow dropping all filesystem and network
access.
>> diff --git a/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/xdg-desktop-portal-spectrum-host/run b/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/xdg-desktop-portal-spectrum-host/run >> index d2bf78cefc3837b5d5369dbab819606e71bf1fc5..c3d67b6520d490c71bdce0f1056b2960115108b3 100755 >> --- a/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/xdg-desktop-portal-spectrum-host/run >> +++ b/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/xdg-desktop-portal-spectrum-host/run >> @@ -12,4 +12,12 @@ s6-ipcserver-socketbinder -a 0700 /run/vm/by-id/${VM}/vsock_219 >> if { fdmove 1 3 echo } >> fdclose 3 >> >> +unshare -inu -- >> +setpriv >> + --landlock-access fs >> + --landlock-rule path-beneath:read-file,execute:/nix/store >> + --landlock-rule path-beneath:read-file,execute:/usr/bin >> + --landlock-rule path-beneath:read-file,execute:/usr/lib >> + --landlock-rule path-beneath:read-file:/run/vm/by-id/${VM}/portal-bus >> + -- >> xdg-desktop-portal-spectrum-host >> >> --- >> base-commit: 59cda41acc455513cf9936e99b8d97647955ac07 >> change-id: 20251212-sandbox-dbus-portal-4f98ba29c23a >> >> -- >> Sincerely, >> Demi Marie Obenour (she/her/hers) -- Sincerely, Demi Marie Obenour (she/her/hers)
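Review bot: nothing in the hunk or the commit message records why `/run/vm/by-id/${VM}/vsock_219`, bound by the `s6-ipcserver-socketbinder` line in the hunk's context, needs no `--landlock-rule` while `/run/vm/by-id/${VM}/portal-bus` gets one; that is exactly the question raised in review, and the answer given in the reply (the socket reaches the program as an already-open descriptor on stdin, which Landlock does not restrict) belongs as a one-line comment above `unshare -inu --` so the next reader does not have to rediscover it. The commit message should also state why `read-file,execute` without `read-dir` is sufficient for `/nix/store`, `/usr/bin` and `/usr/lib`, since any directory enumeration by `xdg-desktop-portal-spectrum-host` under those trees will now be denied, and that `--landlock-access fs` covers whichever filesystem rights the host kernel's Landlock ABI supports, so the exact set of denied operations varies with the kernel the host runs.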
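As an added example, not code from the patch, from setpriv or from the Spectrum project: a C program that parses the same `path-beneath:<rights>:<path>` rule syntax the patch hands to `setpriv --landlock-rule` and applies the equivalent ruleset from inside the process with the raw Landlock syscalls, which is the in-process approach both sides of the thread agree is preferable. The constants and structs mirror Landlock ABI v1 from `<linux/landlock.h>` and are defined locally so the example builds without kernel headers; the `VM_ID_PLACEHOLDER` path component stands in for the script's `${VM}` and is a constructed placeholder.

```c
// Added example: in-process equivalent of `setpriv --landlock-access fs
// --landlock-rule path-beneath:...` using the raw Landlock syscalls.
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Mirrors the UAPI in <linux/landlock.h> (ABI v1, bits 0..12); defined
 * locally so the example compiles without kernel headers installed. */
#define LL_FS_EXECUTE     (1ULL << 0)
#define LL_FS_WRITE_FILE  (1ULL << 1)
#define LL_FS_READ_FILE   (1ULL << 2)
#define LL_FS_READ_DIR    (1ULL << 3)
#define LL_FS_REMOVE_DIR  (1ULL << 4)
#define LL_FS_REMOVE_FILE (1ULL << 5)
#define LL_FS_MAKE_CHAR   (1ULL << 6)
#define LL_FS_MAKE_DIR    (1ULL << 7)
#define LL_FS_MAKE_REG    (1ULL << 8)
#define LL_FS_MAKE_SOCK   (1ULL << 9)
#define LL_FS_MAKE_FIFO   (1ULL << 10)
#define LL_FS_MAKE_BLOCK  (1ULL << 11)
#define LL_FS_MAKE_SYM    (1ULL << 12)
#define LL_FS_ABI1_ALL    ((1ULL << 13) - 1) /* "handled" => denied unless granted */
#define LL_RULE_PATH_BENEATH 1

#ifndef __NR_landlock_create_ruleset
#define __NR_landlock_create_ruleset 444
#define __NR_landlock_add_rule       445
#define __NR_landlock_restrict_self  446
#endif

struct ll_ruleset_attr { uint64_t handled_access_fs; };
struct ll_path_beneath_attr { uint64_t allowed_access; int32_t parent_fd; } __attribute__((packed));

/* Map one setpriv right name (e.g. "read-file") to its Landlock bit; 0 = unknown. */
uint64_t ll_right_from_name(const char *name, size_t len) {
    static const struct { const char *n; uint64_t bit; } tbl[] = {
        {"execute", LL_FS_EXECUTE},       {"write-file", LL_FS_WRITE_FILE},
        {"read-file", LL_FS_READ_FILE},   {"read-dir", LL_FS_READ_DIR},
        {"remove-dir", LL_FS_REMOVE_DIR}, {"remove-file", LL_FS_REMOVE_FILE},
        {"make-char", LL_FS_MAKE_CHAR},   {"make-dir", LL_FS_MAKE_DIR},
        {"make-reg", LL_FS_MAKE_REG},     {"make-sock", LL_FS_MAKE_SOCK},
        {"make-fifo", LL_FS_MAKE_FIFO},   {"make-block", LL_FS_MAKE_BLOCK},
        {"make-sym", LL_FS_MAKE_SYM},
    };
    for (size_t i = 0; i < sizeof tbl / sizeof tbl[0]; i++)
        if (strlen(tbl[i].n) == len && memcmp(tbl[i].n, name, len) == 0) return tbl[i].bit;
    return 0;
}

/* Parse "path-beneath:right[,right...]:/abs/path" into an access mask and a path.
 * Returns 0 on success, -1 on malformed input, an unknown right, or a relative path. */
int ll_parse_rule(const char *spec, uint64_t *access, char *path, size_t pathsz) {
    const char *prefix = "path-beneath:";
    if (strncmp(spec, prefix, strlen(prefix)) != 0) return -1;
    const char *rights = spec + strlen(prefix);
    const char *colon = strchr(rights, ':');
    if (!colon || colon[1] != '/') return -1;
    *access = 0;
    for (const char *p = rights; p < colon; ) {
        const char *end = memchr(p, ',', (size_t)(colon - p));
        if (!end) end = colon;
        uint64_t bit = ll_right_from_name(p, (size_t)(end - p));
        if (!bit) return -1;
        *access |= bit;
        p = (end == colon) ? colon : end + 1;
    }
    if (*access == 0 || strlen(colon + 1) >= pathsz) return -1;
    strcpy(path, colon + 1);
    return 0;
}

/* Handle every v1 right (so anything not granted below is denied), add each rule,
 * then lock the ruleset onto this process. Descriptors already open, such as a
 * socket inherited on stdin, are not affected. Returns 0 on success, -1 otherwise. */
int ll_apply_rules(const char *const *specs, size_t nspecs) {
    struct ll_ruleset_attr attr = { .handled_access_fs = LL_FS_ABI1_ALL };
    int rs = (int)syscall(__NR_landlock_create_ruleset, &attr, sizeof attr, 0);
    if (rs < 0) return -1; /* kernel without Landlock, or LSM not enabled */
    for (size_t i = 0; i < nspecs; i++) {
        struct ll_path_beneath_attr pb = {0};
        char path[4096];
        if (ll_parse_rule(specs[i], &pb.allowed_access, path, sizeof path) != 0) { close(rs); return -1; }
        pb.parent_fd = open(path, O_PATH | O_CLOEXEC);
        if (pb.parent_fd < 0) { close(rs); return -1; }
        int r = (int)syscall(__NR_landlock_add_rule, rs, LL_RULE_PATH_BENEATH, &pb, 0);
        close(pb.parent_fd);
        if (r != 0) { close(rs); return -1; }
    }
    /* Required before landlock_restrict_self() unless the caller holds CAP_SYS_ADMIN. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) { close(rs); return -1; }
    int r = (int)syscall(__NR_landlock_restrict_self, rs, 0);
    close(rs);
    return r == 0 ? 0 : -1;
}

int main(void) {
    /* The rules from the patch; VM_ID_PLACEHOLDER is a constructed stand-in for ${VM}. */
    const char *const rules[] = {
        "path-beneath:read-file,execute:/nix/store",
        "path-beneath:read-file,execute:/usr/bin",
        "path-beneath:read-file,execute:/usr/lib",
        "path-beneath:read-file:/run/vm/by-id/VM_ID_PLACEHOLDER/portal-bus",
    };
    if (ll_apply_rules(rules, sizeof rules / sizeof rules[0]) != 0) { perror("landlock"); return 1; }
    /* From here on, opening any path outside the granted trees fails with EACCES. */
    return 0;
}
```

Because `handled_access_fs` covers every v1 right, a rule that lists only `read-file,execute` leaves `read-dir` denied under that tree, which is the same effect the patch's `setpriv` invocation has; `ll_apply_rules` fails cleanly rather than silently running unconfined if a rule path does not exist or the kernel has no Landlock, which is the failure mode a defender wants to notice.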