Centos-kernel-stream-9/samples/landlock
Ryan Sullivan 1422dd6086 samples/landlock: Add support for abstract UNIX socket scoping
JIRA: https://issues.redhat.com/browse/RHEL-94688

The sandboxer can receive the character "a" as input from the
environment variable LL_SCOPE to restrict sandboxed processes from
connecting to an abstract UNIX socket created by a process outside of
the sandbox.

Example
=======

Create an abstract UNIX socket to listen with socat(1):
  socat abstract-listen:mysocket -

Create a sandboxed shell and pass the character "a" to LL_SCOPED:
  LL_FS_RO=/ LL_FS_RW=. LL_SCOPED="a" ./sandboxer /bin/bash

Note that any other form of input (e.g. "a:a", "aa", etc) is not
acceptable.

If the sandboxed process tries to connect to the listening socket, the
connection will fail:
  socat - abstract-connect:mysocket

Signed-off-by: Tahera Fahimi <fahimitahera@gmail.com>
Link: https://lore.kernel.org/r/d8af908f00b77415caa3eb0f4de631c3794e4909.1725494372.git.fahimitahera@gmail.com
[mic: Improve commit message, simplify check_ruleset_scope() with
inverted error code and only one scoped change, always unset environment
variable]
Signed-off-by: Mickaël Salaün <mic@digikod.net>
(cherry picked from commit 369b48b43a09f995876bb2e88d78845eb2a80212)
Signed-off-by: Ryan Sullivan <rysulliv@redhat.com>
2025-06-24 10:59:41 -04:00
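The LL_SCOPED check and the Landlock calls that enforce the scope, written out as an added example. This is not the samples/landlock/sandboxer.c this commit modifies and omits the sample's filesystem rules; it assumes Linux with Landlock ABI 6 or later (the first ABI with the "scoped" ruleset field), and the constants, the local ruleset struct and the helper names (parse_scoped, apply_scope) are this example's own, written to mirror the uapi values rather than taken from the page.

```c
/*
 * Added example, not the project's sandboxer.c.  Assumes Linux, Landlock
 * ABI >= 6.  Syscall numbers, flag values and the ruleset struct are local
 * fallbacks mirroring the uapi definitions so the file builds on older headers.
 */
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* These numbers are identical on every Linux architecture. */
#ifndef __NR_landlock_create_ruleset
#define __NR_landlock_create_ruleset 444
#endif
#ifndef __NR_landlock_restrict_self
#define __NR_landlock_restrict_self 446
#endif

#define LL_CREATE_RULESET_VERSION (1U << 0)
#define LL_SCOPE_ABSTRACT_UNIX_SOCKET (1ULL << 0)
#define LL_ABI_WITH_SCOPING 6

struct ll_ruleset_attr {	/* ABI v6 layout: three u64 fields */
	uint64_t handled_access_fs;
	uint64_t handled_access_net;
	uint64_t scoped;
};

/*
 * Hypothetical helper for the LL_SCOPED value: exactly "a" selects abstract
 * UNIX socket scoping, unset or "" selects nothing, anything else ("aa",
 * "a:a", "A") is rejected with -1.
 */
static int64_t parse_scoped(const char *value)
{
	if (value == NULL || value[0] == '\0')
		return 0;
	if (strcmp(value, "a") == 0)
		return (int64_t)LL_SCOPE_ABSTRACT_UNIX_SOCKET;
	return -1;
}

/* Landlock ABI version of the running kernel, or -errno (e.g. -ENOSYS). */
static long landlock_abi_version(void)
{
	long ret = syscall(__NR_landlock_create_ruleset, NULL, 0,
			   LL_CREATE_RULESET_VERSION);
	return ret < 0 ? -errno : ret;
}

/* Scope the calling thread; returns 0 or -errno (-ENOSYS: no scoping ABI). */
static int apply_scope(uint64_t scoped)
{
	struct ll_ruleset_attr attr = { .scoped = scoped };
	long abi = landlock_abi_version();
	int fd, err;

	if (abi < 0)
		return (int)abi;
	if (abi < LL_ABI_WITH_SCOPING)
		return -ENOSYS;
	fd = (int)syscall(__NR_landlock_create_ruleset, &attr, sizeof(attr), 0);
	if (fd < 0)
		return -errno;
	/* Landlock refuses to restrict a thread that could still gain privileges. */
	if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0 ||
	    syscall(__NR_landlock_restrict_self, fd, 0) < 0) {
		err = errno;
		close(fd);
		return -err;
	}
	close(fd);
	return 0;
}

int main(int argc, char *argv[])
{
	int64_t scoped = parse_scoped(getenv("LL_SCOPED"));

	if (argc < 2) {
		fprintf(stderr, "usage: LL_SCOPED=a %s <cmd> [args...]\n", argv[0]);
		return 1;
	}
	if (scoped < 0) {
		fprintf(stderr, "LL_SCOPED must be exactly \"a\"\n");
		return 1;
	}
	unsetenv("LL_SCOPED");	/* like the sample: the child must not re-read it */
	if (scoped && apply_scope((uint64_t)scoped) != 0) {
		fprintf(stderr, "landlock scoping failed: %s\n", strerror(errno));
		return 1;
	}
	execvp(argv[1], argv + 1);
	perror("execvp");
	return 1;
}
```

Run as `LL_SCOPED=a ./scope_demo /bin/bash` and repeat the socat(1) steps from the commit message: the connect from inside the sandbox fails while the same command from an unscoped shell succeeds. The ABI check is what distinguishes "kernel too old" from a genuine failure of landlock_restrict_self; the sandboxer sample handles the same case by clearing the scoped bit when the ABI is below 6.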