landlock.rst 8.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189
  1. .. SPDX-License-Identifier: GPL-2.0
  2. .. Copyright © 2025 Microsoft Corporation
  3. ================================
  4. Landlock: system-wide management
  5. ================================
  6. :Author: Mickaël Salaün
  7. :Date: January 2026
  8. Landlock can leverage the audit framework to log events.
  9. User space documentation can be found here:
  10. Documentation/userspace-api/landlock.rst.
  11. Audit
  12. =====
  13. Denied access requests are logged by default for a sandboxed program if `audit`
  14. is enabled. This default behavior can be changed with the
  15. sys_landlock_restrict_self() flags (cf.
  16. Documentation/userspace-api/landlock.rst). Landlock logs can also be masked
  17. thanks to audit rules. Landlock can generate 2 audit record types.
  18. Record types
  19. ------------
  20. AUDIT_LANDLOCK_ACCESS
  21. This record type identifies a denied access request to a kernel resource.
  22. The ``domain`` field indicates the ID of the domain that blocked the
  23. request. The ``blockers`` field indicates the cause(s) of this denial
  24. (separated by a comma), and the following fields identify the kernel object
  25. (similar to SELinux). There may be more than one of this record type per
  26. audit event.
  27. Example with a file link request generating two records in the same event::
  28. domain=195ba459b blockers=fs.refer path="/usr/bin" dev="vda2" ino=351
  29. domain=195ba459b blockers=fs.make_reg,fs.refer path="/usr/local" dev="vda2" ino=365
  30. The ``blockers`` field uses dot-separated prefixes to indicate the type of
  31. restriction that caused the denial:
  32. **fs.*** - Filesystem access rights (ABI 1+):
  33. - fs.execute, fs.write_file, fs.read_file, fs.read_dir
  34. - fs.remove_dir, fs.remove_file
  35. - fs.make_char, fs.make_dir, fs.make_reg, fs.make_sock
  36. - fs.make_fifo, fs.make_block, fs.make_sym
  37. - fs.refer (ABI 2+)
  38. - fs.truncate (ABI 3+)
  39. - fs.ioctl_dev (ABI 5+)
  40. **net.*** - Network access rights (ABI 4+):
  41. - net.bind_tcp - TCP port binding was denied
  42. - net.connect_tcp - TCP connection was denied
  43. **scope.*** - IPC scoping restrictions (ABI 6+):
  44. - scope.abstract_unix_socket - Abstract UNIX socket connection denied
  45. - scope.signal - Signal sending denied
  46. Multiple blockers can appear in a single event (comma-separated) when
  47. multiple access rights are missing. For example, creating a regular file
  48. in a directory that lacks both ``make_reg`` and ``refer`` rights would show
  49. ``blockers=fs.make_reg,fs.refer``.
  50. The object identification fields (path, dev, ino for filesystem; opid,
  51. ocomm for signals) depend on the type of access being blocked and provide
  52. context about what resource was involved in the denial.
  53. AUDIT_LANDLOCK_DOMAIN
  54. This record type describes the status of a Landlock domain. The ``status``
  55. field can be either ``allocated`` or ``deallocated``.
  56. The ``allocated`` status is part of the same audit event and follows
  57. the first logged ``AUDIT_LANDLOCK_ACCESS`` record of a domain. It identifies
  58. Landlock domain information at the time of the sys_landlock_restrict_self()
  59. call with the following fields:
  60. - the ``domain`` ID
  61. - the enforcement ``mode``
  62. - the domain creator's ``pid``
  63. - the domain creator's ``uid``
  64. - the domain creator's executable path (``exe``)
  65. - the domain creator's command line (``comm``)
  66. Example::
  67. domain=195ba459b status=allocated mode=enforcing pid=300 uid=0 exe="/root/sandboxer" comm="sandboxer"
  68. The ``deallocated`` status is an event on its own and it identifies a
  69. Landlock domain release. After such event, it is guarantee that the
  70. related domain ID will never be reused during the lifetime of the system.
  71. The ``domain`` field indicates the ID of the domain which is released, and
  72. the ``denials`` field indicates the total number of denied access request,
  73. which might not have been logged according to the audit rules and
  74. sys_landlock_restrict_self()'s flags.
  75. Example::
  76. domain=195ba459b status=deallocated denials=3
  77. Event samples
  78. --------------
  79. Here are two examples of log events (see serial numbers).
  80. In this example a sandboxed program (``kill``) tries to send a signal to the
  81. init process, which is denied because of the signal scoping restriction
  82. (``LL_SCOPED=s``)::
  83. $ LL_FS_RO=/ LL_FS_RW=/ LL_SCOPED=s LL_FORCE_LOG=1 ./sandboxer kill 1
  84. This command generates two events, each identified with a unique serial
  85. number following a timestamp (``msg=audit(1729738800.268:30)``). The first
  86. event (serial ``30``) contains 4 records. The first record
  87. (``type=LANDLOCK_ACCESS``) shows an access denied by the domain `1a6fdc66f`.
  88. The cause of this denial is signal scoping restriction
  89. (``blockers=scope.signal``). The process that would have receive this signal
  90. is the init process (``opid=1 ocomm="systemd"``).
  91. The second record (``type=LANDLOCK_DOMAIN``) describes (``status=allocated``)
  92. domain `1a6fdc66f`. This domain was created by process ``286`` executing the
  93. ``/root/sandboxer`` program launched by the root user.
  94. The third record (``type=SYSCALL``) describes the syscall, its provided
  95. arguments, its result (``success=no exit=-1``), and the process that called it.
  96. The fourth record (``type=PROCTITLE``) shows the command's name as an
  97. hexadecimal value. This can be translated with ``python -c
  98. 'print(bytes.fromhex("6B696C6C0031"))'``.
  99. Finally, the last record (``type=LANDLOCK_DOMAIN``) is also the only one from
  100. the second event (serial ``31``). It is not tied to a direct user space action
  101. but an asynchronous one to free resources tied to a Landlock domain
  102. (``status=deallocated``). This can be useful to know that the following logs
  103. will not concern the domain ``1a6fdc66f`` anymore. This record also summarize
  104. the number of requests this domain denied (``denials=1``), whether they were
  105. logged or not.
  106. .. code-block::
  107. type=LANDLOCK_ACCESS msg=audit(1729738800.268:30): domain=1a6fdc66f blockers=scope.signal opid=1 ocomm="systemd"
  108. type=LANDLOCK_DOMAIN msg=audit(1729738800.268:30): domain=1a6fdc66f status=allocated mode=enforcing pid=286 uid=0 exe="/root/sandboxer" comm="sandboxer"
  109. type=SYSCALL msg=audit(1729738800.268:30): arch=c000003e syscall=62 success=no exit=-1 [..] ppid=272 pid=286 auid=0 uid=0 gid=0 [...] comm="kill" [...]
  110. type=PROCTITLE msg=audit(1729738800.268:30): proctitle=6B696C6C0031
  111. type=LANDLOCK_DOMAIN msg=audit(1729738800.324:31): domain=1a6fdc66f status=deallocated denials=1
  112. Here is another example showcasing filesystem access control::
  113. $ LL_FS_RO=/ LL_FS_RW=/tmp LL_FORCE_LOG=1 ./sandboxer sh -c "echo > /etc/passwd"
  114. The related audit logs contains 8 records from 3 different events (serials 33,
  115. 34 and 35) created by the same domain `1a6fdc679`::
  116. type=LANDLOCK_ACCESS msg=audit(1729738800.221:33): domain=1a6fdc679 blockers=fs.write_file path="/dev/tty" dev="devtmpfs" ino=9
  117. type=LANDLOCK_DOMAIN msg=audit(1729738800.221:33): domain=1a6fdc679 status=allocated mode=enforcing pid=289 uid=0 exe="/root/sandboxer" comm="sandboxer"
  118. type=SYSCALL msg=audit(1729738800.221:33): arch=c000003e syscall=257 success=no exit=-13 [...] ppid=272 pid=289 auid=0 uid=0 gid=0 [...] comm="sh" [...]
  119. type=PROCTITLE msg=audit(1729738800.221:33): proctitle=7368002D63006563686F203E202F6574632F706173737764
  120. type=LANDLOCK_ACCESS msg=audit(1729738800.221:34): domain=1a6fdc679 blockers=fs.write_file path="/etc/passwd" dev="vda2" ino=143821
  121. type=SYSCALL msg=audit(1729738800.221:34): arch=c000003e syscall=257 success=no exit=-13 [...] ppid=272 pid=289 auid=0 uid=0 gid=0 [...] comm="sh" [...]
  122. type=PROCTITLE msg=audit(1729738800.221:34): proctitle=7368002D63006563686F203E202F6574632F706173737764
  123. type=LANDLOCK_DOMAIN msg=audit(1729738800.261:35): domain=1a6fdc679 status=deallocated denials=2
  124. Event filtering
  125. ---------------
  126. If you get spammed with audit logs related to Landlock, this is either an
  127. attack attempt or a bug in the security policy. We can put in place some
  128. filters to limit noise with two complementary ways:
  129. - with sys_landlock_restrict_self()'s flags if we can fix the sandboxed
  130. programs,
  131. - or with audit rules (see :manpage:`auditctl(8)`).
  132. Additional documentation
  133. ========================
  134. * `Linux Audit Documentation`_
  135. * Documentation/userspace-api/landlock.rst
  136. * Documentation/security/landlock.rst
  137. * https://landlock.io
  138. .. Links
  139. .. _Linux Audit Documentation:
  140. https://github.com/linux-audit/audit-documentation/wiki