crtxcr/exile.h
1
0
Fork 0
Code Issues 14 Pull Requests 1 Releases Wiki Activity

Add landlock policy flags if landlock is supported

Browse Source
This commit is contained in:
Albert S. 2021-05-09 11:55:58 +02:00
parent 8697fd8b84
commit 4674638e9a
1 changed files with 17 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
qssb.h
View File

@ -41,6 +41,11 @@
#include <inttypes.h> #include <inttypes.h>
#include <asm/unistd.h> #include <asm/unistd.h>
#if LINUX_VERSION_CODE >= KERNEL_VERSION(5,13,0)
#include <linux/landlock.h>
#define HAVE_LANDLOCK 1
#endif
//TODO: stolen from kernel samples/seccomp, GPLv2...? //TODO: stolen from kernel samples/seccomp, GPLv2...?
#define ALLOW \ #define ALLOW \
BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW) BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW)
@ -78,6 +83,18 @@
//don't mount recursive //don't mount recursive
#define QSSB_MOUNT_NOT_REC 1<<5 #define QSSB_MOUNT_NOT_REC 1<<5
#if HAVE_LANDLOCK == 1
#define QSSB_FS_ALLOW_REMOVE_DIR (1 << 7)
#define QSSB_FS_ALLOW_REMOVE_FILE (1 << 8)
#define QSSB_FS_ALLOW_MAKE_CHAR (1 << 9)
#define QSSB_FS_ALLOW_MAKE_DIR (1 << 10)
#define QSSB_FS_ALLOW_MAKE_REG (1 << 11)
#define QSSB_FS_ALLOW_MAKE_SOCK (1 << 12)
#define QSSB_FS_ALLOW_MAKE_FIFO (1 << 13)
#define QSSB_FS_ALLOW_MAKE_BLOCK (1 << 14)
#define QSSB_FS_ALLOW_MAKE_SYM (1 << 15)
#endif
/* Most exploits have more need for those syscalls than the /* Most exploits have more need for those syscalls than the
* exploited programs. In cases they are needed, this list should be * exploited programs. In cases they are needed, this list should be