On 12/13/25 14:12, Alyssa Ross wrote:
Demi Marie Obenour <demiobenour@gmail.com> writes:
It is quite possible that these Landlock rules are unnecessarily permissive, but all of the paths to which read and execute access is granted are part of the root filesystem and therefore assumed to be public knowledge. Removing access from any of them would only increase the risk of accidental breakage in the future, and would not provide any security improvements. seccomp *could* provide some improvements, but the effort needed is too high for now.
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
---
 .../template/data/service/xdg-desktop-portal-spectrum-host/run | 8 ++++++++
 1 file changed, 8 insertions(+)
Are you sure this is working as intended? There's no rule allowing access to Cloud Hypervisor's VSOCK socket, and yet it still seems to be able to access that. Don't you need to set a rule that *restricts* filesystem access and then add holes? Did you ever see this deny anything?
'man 1 setpriv' states that '--landlock-access fs' blocks all filesystem access unless a subsequent --landlock-rule permits it. I tried running with no --landlock-rule flags and the execve of xdg-desktop-portal-spectrum-host failed as expected. The socket is passed over stdin, and I'm pretty sure Landlock doesn't restrict using an already-open file descriptor. xdg-desktop-portal-spectrum-host does need to find the path to the socket, but I don't think it ever accesses that path.
And wouldn't it make more sense to implement this inside the program itself, since it's code we control that will only ever run on Spectrum? That way it could even drop privileges after they're no longer needed, perhaps. There's a nice landlock Rust crate that's already used by Cloud Hypervisor.
It definitely does make far more sense to use Landlock from within the process itself. That should allow dropping all filesystem and network access.
diff --git a/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/xdg-desktop-portal-spectrum-host/run b/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/xdg-desktop-portal-spectrum-host/run index d2bf78cefc3837b5d5369dbab819606e71bf1fc5..c3d67b6520d490c71bdce0f1056b2960115108b3 100755 --- a/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/xdg-desktop-portal-spectrum-host/run +++ b/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/xdg-desktop-portal-spectrum-host/run @@ -12,4 +12,12 @@ s6-ipcserver-socketbinder -a 0700 /run/vm/by-id/${VM}/vsock_219 if { fdmove 1 3 echo } fdclose 3
+unshare -inu -- +setpriv + --landlock-access fs + --landlock-rule path-beneath:read-file,execute:/nix/store + --landlock-rule path-beneath:read-file,execute:/usr/bin + --landlock-rule path-beneath:read-file,execute:/usr/lib + --landlock-rule path-beneath:read-file:/run/vm/by-id/${VM}/portal-bus + -- xdg-desktop-portal-spectrum-host
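Review bot: The last rule, `--landlock-rule path-beneath:read-file:/run/vm/by-id/${VM}/portal-bus`, is not covered by the commit message's justification, which only argues for the root-filesystem paths (/nix/store, /usr/bin, /usr/lib) being public; this one grants read-file on per-VM runtime state under /run, and the thread says the socket itself arrives on stdin, so please state in the commit message what that rule is for, or drop it if the program only needs the already-open descriptor. The `unshare -inu --` prefix (new IPC, network and UTS namespaces) is likewise undocumented: the message discusses only Landlock and seccomp, so a sentence on why those namespaces are detached would help whoever next touches this run script.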
---
base-commit: 59cda41acc455513cf9936e99b8d97647955ac07
change-id: 20251212-sandbox-dbus-portal-4f98ba29c23a
--
Sincerely,
Demi Marie Obenour (she/her/hers)
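The in-process alternative the thread converges on (Landlock applied by the program itself instead of by setpriv), as an added example that is not code from Spectrum, from this patch or from the Rust landlock crate mentioned above: it uses the raw Landlock syscalls from C, grants the same read-file + execute path-beneath access the patch grants, and checks the point made about the socket on stdin, namely that an fd opened before enforcement keeps working while a fresh open() outside the rules is denied. The `/usr` allow-list and the `/dev/null` stand-in for the passed socket are assumptions for the demo.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>
/* Landlock UAPI values (from <linux/landlock.h>), repeated so this builds without kernel headers. */
#ifndef SYS_landlock_create_ruleset
#define SYS_landlock_create_ruleset 444 /* same numbers on every architecture */
#define SYS_landlock_add_rule 445
#define SYS_landlock_restrict_self 446
#endif
#define LANDLOCK_CREATE_RULESET_VERSION (1U << 0)
#define LANDLOCK_RULE_PATH_BENEATH 1
#define LANDLOCK_ACCESS_FS_EXECUTE (1ULL << 0)
#define LANDLOCK_ACCESS_FS_READ_FILE (1ULL << 2)
struct landlock_ruleset_attr { uint64_t handled_access_fs; };
struct landlock_path_beneath_attr { uint64_t allowed_access; int32_t parent_fd; } __attribute__((packed));
/* Deny every filesystem access this kernel's Landlock ABI knows about, then allow only
 * read-file + execute beneath each path (what the patch's setpriv rules grant).
 * Returns 0 once enforced, 1 if the kernel/sandbox has no Landlock, -1 on any other error. */
int restrict_to_read_exec(const char *const *paths, size_t n) {
    long abi = syscall(SYS_landlock_create_ruleset, NULL, 0, LANDLOCK_CREATE_RULESET_VERSION);
    if (abi < 0) return (errno == ENOSYS || errno == EOPNOTSUPP || errno == EPERM) ? 1 : -1;
    /* ABI 1 bits are EXECUTE..MAKE_SYM; later ABIs add bits that stay unrestricted unless handled. */
    uint64_t fs = ((1ULL << 13) - 1) | (abi >= 2 ? 1ULL << 13 : 0)              /* REFER */
                | (abi >= 3 ? 1ULL << 14 : 0) | (abi >= 5 ? 1ULL << 15 : 0);     /* TRUNCATE, IOCTL_DEV */
    struct landlock_ruleset_attr attr = { .handled_access_fs = fs };
    int ruleset = (int)syscall(SYS_landlock_create_ruleset, &attr, sizeof attr, 0);
    if (ruleset < 0) return -1;
    for (size_t i = 0; i < n; i++) {
        struct landlock_path_beneath_attr rule = { LANDLOCK_ACCESS_FS_READ_FILE | LANDLOCK_ACCESS_FS_EXECUTE,
                                                   open(paths[i], O_PATH | O_CLOEXEC) };
        int bad = rule.parent_fd < 0 || syscall(SYS_landlock_add_rule, ruleset, LANDLOCK_RULE_PATH_BENEATH, &rule, 0);
        if (rule.parent_fd >= 0) close(rule.parent_fd);
        if (bad) { close(ruleset); return -1; }
    }
    /* landlock_restrict_self() requires no_new_privs, which setpriv also sets. */
    int bad = prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) || syscall(SYS_landlock_restrict_self, ruleset, 0);
    close(ruleset); return bad ? -1 : 0;
}
/* The thread's point: an fd opened before enforcement (the socket on stdin) keeps working,
 * while a fresh open() of a path outside the rules fails with EACCES. */
int landlock_demo(void) {
    int pre = open("/dev/null", O_RDONLY | O_CLOEXEC); /* stand-in for the passed socket */
    const char *const ro_exec[] = { "/usr" };          /* assumed allow-list for the demo */
    int rc = pre < 0 ? -1 : restrict_to_read_exec(ro_exec, 1);
    if (rc != 0) return rc;                            /* 1: no Landlock here, nothing enforced */
    char c; if (read(pre, &c, 1) < 0) return -1;                         /* pre-opened fd: still allowed */
    return (open("/dev/null", O_RDONLY) < 0 && errno == EACCES) ? 0 : -1; /* fresh open: denied */
}
```

Network access, which the thread also wants dropped, is a separate `handled_access_net` field available from Landlock ABI 4 and is not shown here.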