container: optionally isolate host abstract UNIX domain sockets via landlock

app: set up acl on X11 socket
The socket is typically owned by the priv-user, and inaccessible by the target user, so just allowing access to the directory is not enough. This change fixes this oversight and add checks that will also be useful for merging #1. Signed-off-by: Ophestra <cat@gensokyo.uk> # Conflicts: # test/sandbox/case/device.nix # test/sandbox/case/tty.nix
2025-08-18 11:50:05 +09:00 · 2025-08-18 11:49:49 +09:00
14 changed files with 54 additions and 53 deletions
--- a/container/container.go
+++ b/container/container.go
@ -92,8 +92,6 @@ type (
 		RetainSession bool
 		// Do not [syscall.CLONE_NEWNET].
 		HostNet bool
 		// Scope abstract UNIX domain sockets using LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET.
 		ScopeAbstract bool
 		// Retain CAP_SYS_ADMIN.
 		Privileged bool
 	}
--- a/container/init.go
+++ b/container/init.go
@ -13,7 +13,6 @@ import (
 	. "syscall"
 	"time"
 	"hakurei.app/container/landlock"
 	"hakurei.app/container/seccomp"
 )
@ -261,12 +260,6 @@ func Init(prepare func(prefix string), setVerbose func(verbose bool)) {
 		msg.Verbose("syscall filter not configured")
 	}
 	if params.ScopeAbstract {
 		if err := landlock.ScopeAbstract(); err != nil {
 			log.Fatalf("could not scope abstract unix sockets: %v", err)
 		}
 	}
 	extraFiles := make([]*os.File, params.Count)
 	for i := range extraFiles {
 		// setup fd is placed before all extra files
--- a/container/landlock/landlock-helper.c
+++ b/container/landlock/landlock-helper.c
@ -1,14 +0,0 @@
 #include <errno.h>
 #include <linux/landlock.h>
 #include <sys/psx_syscall.h>
 #include <sys/syscall.h>
 #include "landlock-helper.h"
 int hakurei_scope_abstract_unix_sockets(int* p_errno, int fd) {
  int res = psx_syscall3(SYS_landlock_restrict_self, fd, 0, 0);
  *p_errno = errno;
  return res;
 }
--- a/container/landlock/landlock-helper.h
+++ b/container/landlock/landlock-helper.h
@ -1,3 +0,0 @@
 #pragma once
 int hakurei_scope_abstract_unix_sockets(int* p_errno, int fd);
--- a/container/landlock/landlock.go
+++ b/container/landlock/landlock.go
@ -1,12 +1,8 @@
 package landlock
 /*
 #cgo linux pkg-config: --static libpsx
 #include <linux/landlock.h>
 #include <sys/syscall.h>
 #include "landlock-helper.h"
 */
 import "C"
@ -21,10 +17,13 @@ const (
 	LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET = C.LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET
 	SYS_LANDLOCK_CREATE_RULESET = C.SYS_landlock_create_ruleset
 	SYS_LANDLOCK_RESTRICT_SELF  = C.SYS_landlock_restrict_self
 )
 type LandlockRulesetAttr = C.struct_landlock_ruleset_attr
 // ScopeAbstract calls landlock_restrict_self and must be called from a goroutine wired to an m
 // with the process starting from the same goroutine.
 func ScopeAbstract() error {
 	abi, _, err := syscall.Syscall(SYS_LANDLOCK_CREATE_RULESET, 0, 0, LANDLOCK_CREATE_RULESET_VERSION)
@ -48,10 +47,9 @@ func ScopeAbstract() error {
 	defer syscall.Close(int(fd))
-	var errno C.int
+	r, _, err := syscall.Syscall(SYS_LANDLOCK_RESTRICT_SELF, fd, 0, 0)
-	if rv := C.hakurei_scope_abstract_unix_sockets(&errno, C.int(fd)); rv != 0 {
+	if r != 0 {
-		return fmt.Errorf("could not restrict self via landlock: errno %v", errno)
+		return fmt.Errorf("could not restrict self via landlock: errno %v", err)
 	}
 	return nil
 }
--- a/internal/app/seal_linux.go
+++ b/internal/app/seal_linux.go
@ -416,6 +416,22 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *hst.Co
 			seal.sys.ChangeHosts("#" + seal.user.uid.String())
 			seal.env[display] = d
 			seal.container.Bind(socketDir, socketDir, 0)
 			// the socket file at `/tmp/.X11-unix/X%d` is typically owned by the priv user
 			// and not accessible by the target user
 			var socketPath *container.Absolute
 			if len(d) > 1 && d[0] == ':' { // `:%d`
 				if n, err := strconv.Atoi(d[1:]); err == nil && n >= 0 {
 					socketPath = socketDir.Append("X" + strconv.Itoa(n))
 				}
 			} else if len(d) > 5 && strings.HasPrefix(d, "unix:") { // `unix:%s`
 				if a, err := container.NewAbs(d[5:]); err == nil {
 					socketPath = a
 				}
 			}
 			if socketPath != nil {
 				seal.sys.UpdatePermTypeOptional(system.EX11, socketPath.String(), acl.Read, acl.Write, acl.Execute)
 			}
 		}
 	}
--- a/package.nix
+++ b/package.nix
@ -5,7 +5,6 @@
  makeBinaryWrapper,
  xdg-dbus-proxy,
  pkg-config,
  libcap,
  libffi,
  libseccomp,
  acl,
@ -81,16 +80,10 @@ buildGoModule rec {
        hsu = "/run/wrappers/bin/hsu";
      };
  env = {
    # required by libpsx
    CGO_LDFLAGS_ALLOW = "-Wl,(--no-whole-archive|--whole-archive)";
  # nix build environment does not allow acls
-    GO_TEST_SKIP_ACL = 1;
+  env.GO_TEST_SKIP_ACL = 1;
  };
  buildInputs = [
    libcap
    libffi
    libseccomp
    acl
--- a/system/acl.go
+++ b/system/acl.go
@ -21,7 +21,17 @@ func (sys *I) UpdatePermType(et Enablement, path string, perms ...acl.Perm) *I {
 	sys.lock.Lock()
 	defer sys.lock.Unlock()
-	sys.ops = append(sys.ops, &ACL{et, path, perms})
+	sys.ops = append(sys.ops, &ACL{et, path, perms, false})
 	return sys
 }
 // UpdatePermTypeOptional appends an acl update Op that silently continues if the target does not exist.
 func (sys *I) UpdatePermTypeOptional(et Enablement, path string, perms ...acl.Perm) *I {
 	sys.lock.Lock()
 	defer sys.lock.Unlock()
 	sys.ops = append(sys.ops, &ACL{et, path, perms, true})
 	return sys
 }
@ -30,14 +40,24 @@ type ACL struct {
 	et    Enablement
 	path  string
 	perms acl.Perms
 	// since revert operations are cross-process, the success of apply must not affect the outcome of revert
 	skipNotExist bool
 }
 func (a *ACL) Type() Enablement { return a.et }
 func (a *ACL) apply(sys *I) error {
 	msg.Verbose("applying ACL", a)
-	return wrapErrSuffix(acl.Update(a.path, sys.uid, a.perms...),
+	if err := acl.Update(a.path, sys.uid, a.perms...); err != nil {
 		if !a.skipNotExist || !os.IsNotExist(err) {
 			return wrapErrSuffix(err,
 				fmt.Sprintf("cannot apply ACL entry to %q:", a.path))
 		}
 		msg.Verbosef("path %q does not exist", a.path)
 		return nil
 	}
 	return nil
 }
 func (a *ACL) revert(sys *I, ec *Criteria) error {
--- a/system/acl_test.go
+++ b/system/acl_test.go
@ -20,7 +20,7 @@ func TestUpdatePerm(t *testing.T) {
 		t.Run(tc.path+permSubTestSuffix(tc.perms), func(t *testing.T) {
 			sys := New(150)
 			sys.UpdatePerm(tc.path, tc.perms...)
-			(&tcOp{Process, tc.path}).test(t, sys.ops, []Op{&ACL{Process, tc.path, tc.perms}}, "UpdatePerm")
+			(&tcOp{Process, tc.path}).test(t, sys.ops, []Op{&ACL{Process, tc.path, tc.perms, false}}, "UpdatePerm")
 		})
 	}
 }
@ -42,7 +42,7 @@ func TestUpdatePermType(t *testing.T) {
 		t.Run(tc.path+"_"+TypeString(tc.et)+permSubTestSuffix(tc.perms), func(t *testing.T) {
 			sys := New(150)
 			sys.UpdatePermType(tc.et, tc.path, tc.perms...)
-			tc.test(t, sys.ops, []Op{&ACL{tc.et, tc.path, tc.perms}}, "UpdatePermType")
+			tc.test(t, sys.ops, []Op{&ACL{tc.et, tc.path, tc.perms, false}}, "UpdatePermType")
 		})
 	}
 }
--- a/test/sandbox/case/device.nix
+++ b/test/sandbox/case/device.nix
@ -243,7 +243,7 @@ in
    seccomp = true;
    try_socket = "/tmp/.X11-unix/X0";
-    socket_abstract = true;
+    socket_abstract = false;
    socket_pathname = true;
  };
 }
--- a/test/sandbox/case/mapuid.nix
+++ b/test/sandbox/case/mapuid.nix
@ -269,7 +269,7 @@ in
    seccomp = true;
    try_socket = "/tmp/.X11-unix/X0";
-    socket_abstract = true;
+    socket_abstract = false;
    socket_pathname = false;
  };
 }
--- a/test/sandbox/case/pdlike.nix
+++ b/test/sandbox/case/pdlike.nix
@ -264,7 +264,7 @@ in
    seccomp = true;
    try_socket = "/tmp/.X11-unix/X0";
-    socket_abstract = true;
+    socket_abstract = false;
    socket_pathname = false;
  };
 }
--- a/test/sandbox/case/preset.nix
+++ b/test/sandbox/case/preset.nix
@ -262,7 +262,7 @@ in
    seccomp = true;
    try_socket = "/tmp/.X11-unix/X0";
-    socket_abstract = true;
+    socket_abstract = false;
    socket_pathname = false;
  };
 }
--- a/test/sandbox/case/tty.nix
+++ b/test/sandbox/case/tty.nix
@ -275,7 +275,7 @@ in
    seccomp = true;
    try_socket = "/tmp/.X11-unix/X0";
-    socket_abstract = true;
+    socket_abstract = false;
    socket_pathname = true;
  };
 }
Author	SHA1	Message	Date
Clayton Gilmer	c9eeafbbf0	container: optionally isolate host abstract UNIX domain sockets via landlock Some checks failed Test / Create distribution (pull_request) Failing after 32s Details Test / Sandbox (pull_request) Failing after 51s Details Test / Sandbox (race detector) (pull_request) Failing after 54s Details Test / Hpkg (pull_request) Failing after 56s Details Test / Hakurei (pull_request) Failing after 1m9s Details Test / Hakurei (race detector) (push) Failing after 1m0s Details Test / Hakurei (push) Failing after 1m11s Details Test / Hakurei (race detector) (pull_request) Failing after 1m18s Details Test / Flake checks (pull_request) Has been skipped Details Test / Create distribution (push) Failing after 30s Details Test / Sandbox (push) Failing after 49s Details Test / Hpkg (push) Failing after 48s Details Test / Sandbox (race detector) (push) Failing after 51s Details Test / Flake checks (push) Has been skipped Details	2025-08-18 11:50:05 +09:00
Ophestra	2f1d42c8dd	app: set up acl on X11 socket The socket is typically owned by the priv-user, and inaccessible by the target user, so just allowing access to the directory is not enough. This change fixes this oversight and add checks that will also be useful for merging #1. Signed-off-by: Ophestra <cat@gensokyo.uk> # Conflicts: # test/sandbox/case/device.nix # test/sandbox/case/tty.nix	2025-08-18 11:49:49 +09:00
		`@ -1,3 +0,0 @@`
			`#pragma once`

			`int hakurei_scope_abstract_unix_sockets(int* p_errno, int fd);`