container: optionally isolate host abstract UNIX domain sockets via landlock

2025-08-18 11:48:03 +09:00
14 changed files with 53 additions and 54 deletions
--- a/container/container.go
+++ b/container/container.go
@ -92,6 +92,8 @@ type (
 		RetainSession bool
 		// Do not [syscall.CLONE_NEWNET].
 		HostNet bool
 		// Scope abstract UNIX domain sockets using LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET.
 		ScopeAbstract bool
 		// Retain CAP_SYS_ADMIN.
 		Privileged bool
 	}
--- a/container/init.go
+++ b/container/init.go
@ -13,6 +13,7 @@ import (
 	. "syscall"
 	"time"
 	"hakurei.app/container/landlock"
 	"hakurei.app/container/seccomp"
 )
@ -260,6 +261,12 @@ func Init(prepare func(prefix string), setVerbose func(verbose bool)) {
 		msg.Verbose("syscall filter not configured")
 	}
 	if params.ScopeAbstract {
 		if err := landlock.ScopeAbstract(); err != nil {
 			log.Fatalf("could not scope abstract unix sockets: %v", err)
 		}
 	}
 	extraFiles := make([]*os.File, params.Count)
 	for i := range extraFiles {
 		// setup fd is placed before all extra files
--- a/container/landlock/landlock-helper.c
+++ b/container/landlock/landlock-helper.c
@ -0,0 +1,14 @@
 #include <errno.h>
 #include <linux/landlock.h>
 #include <sys/psx_syscall.h>
 #include <sys/syscall.h>
 #include "landlock-helper.h"
 int hakurei_scope_abstract_unix_sockets(int* p_errno, int fd) {
  int res = psx_syscall3(SYS_landlock_restrict_self, fd, 0, 0);
  *p_errno = errno;
  return res;
 }
--- a/container/landlock/landlock-helper.h
+++ b/container/landlock/landlock-helper.h
@ -0,0 +1,3 @@
 #pragma once
 int hakurei_scope_abstract_unix_sockets(int* p_errno, int fd);
--- a/container/landlock/landlock.go
+++ b/container/landlock/landlock.go
@ -1,8 +1,12 @@
 package landlock
 /*
 #cgo linux pkg-config: --static libpsx
 #include <linux/landlock.h>
 #include <sys/syscall.h>
 #include "landlock-helper.h"
 */
 import "C"
@ -17,13 +21,10 @@ const (
 	LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET = C.LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET
 	SYS_LANDLOCK_CREATE_RULESET = C.SYS_landlock_create_ruleset
 	SYS_LANDLOCK_RESTRICT_SELF  = C.SYS_landlock_restrict_self
 )
 type LandlockRulesetAttr = C.struct_landlock_ruleset_attr
 // ScopeAbstract calls landlock_restrict_self and must be called from a goroutine wired to an m
 // with the process starting from the same goroutine.
 func ScopeAbstract() error {
 	abi, _, err := syscall.Syscall(SYS_LANDLOCK_CREATE_RULESET, 0, 0, LANDLOCK_CREATE_RULESET_VERSION)
@ -47,9 +48,10 @@ func ScopeAbstract() error {
 	defer syscall.Close(int(fd))
-	r, _, err := syscall.Syscall(SYS_LANDLOCK_RESTRICT_SELF, fd, 0, 0)
+	var errno C.int
-	if r != 0 {
+	if rv := C.hakurei_scope_abstract_unix_sockets(&errno, C.int(fd)); rv != 0 {
-		return fmt.Errorf("could not restrict self via landlock: errno %v", err)
+		return fmt.Errorf("could not restrict self via landlock: errno %v", errno)
 	}
 	return nil
 }
--- a/internal/app/seal_linux.go
+++ b/internal/app/seal_linux.go
@ -416,22 +416,6 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *hst.Co
 			seal.sys.ChangeHosts("#" + seal.user.uid.String())
 			seal.env[display] = d
 			seal.container.Bind(socketDir, socketDir, 0)
 			// the socket file at `/tmp/.X11-unix/X%d` is typically owned by the priv user
 			// and not accessible by the target user
 			var socketPath *container.Absolute
 			if len(d) > 1 && d[0] == ':' { // `:%d`
 				if n, err := strconv.Atoi(d[1:]); err == nil && n >= 0 {
 					socketPath = socketDir.Append("X" + strconv.Itoa(n))
 				}
 			} else if len(d) > 5 && strings.HasPrefix(d, "unix:") { // `unix:%s`
 				if a, err := container.NewAbs(d[5:]); err == nil {
 					socketPath = a
 				}
 			}
 			if socketPath != nil {
 				seal.sys.UpdatePermTypeOptional(system.EX11, socketPath.String(), acl.Read, acl.Write, acl.Execute)
 			}
 		}
 	}
--- a/package.nix
+++ b/package.nix
@ -5,6 +5,7 @@
  makeBinaryWrapper,
  xdg-dbus-proxy,
  pkg-config,
  libcap,
  libffi,
  libseccomp,
  acl,
@ -80,10 +81,16 @@ buildGoModule rec {
        hsu = "/run/wrappers/bin/hsu";
      };
  env = {
    # required by libpsx
    CGO_LDFLAGS_ALLOW = "-Wl,(--no-whole-archive|--whole-archive)";
    # nix build environment does not allow acls
-  env.GO_TEST_SKIP_ACL = 1;
+    GO_TEST_SKIP_ACL = 1;
  };
  buildInputs = [
    libcap
    libffi
    libseccomp
    acl
--- a/system/acl.go
+++ b/system/acl.go
@ -21,17 +21,7 @@ func (sys *I) UpdatePermType(et Enablement, path string, perms ...acl.Perm) *I {
 	sys.lock.Lock()
 	defer sys.lock.Unlock()
-	sys.ops = append(sys.ops, &ACL{et, path, perms, false})
+	sys.ops = append(sys.ops, &ACL{et, path, perms})
 	return sys
 }
 // UpdatePermTypeOptional appends an acl update Op that silently continues if the target does not exist.
 func (sys *I) UpdatePermTypeOptional(et Enablement, path string, perms ...acl.Perm) *I {
 	sys.lock.Lock()
 	defer sys.lock.Unlock()
 	sys.ops = append(sys.ops, &ACL{et, path, perms, true})
 	return sys
 }
@ -40,24 +30,14 @@ type ACL struct {
 	et    Enablement
 	path  string
 	perms acl.Perms
 	// since revert operations are cross-process, the success of apply must not affect the outcome of revert
 	skipNotExist bool
 }
 func (a *ACL) Type() Enablement { return a.et }
 func (a *ACL) apply(sys *I) error {
 	msg.Verbose("applying ACL", a)
-	if err := acl.Update(a.path, sys.uid, a.perms...); err != nil {
+	return wrapErrSuffix(acl.Update(a.path, sys.uid, a.perms...),
 		if !a.skipNotExist || !os.IsNotExist(err) {
 			return wrapErrSuffix(err,
 		fmt.Sprintf("cannot apply ACL entry to %q:", a.path))
 		}
 		msg.Verbosef("path %q does not exist", a.path)
 		return nil
 	}
 	return nil
 }
 func (a *ACL) revert(sys *I, ec *Criteria) error {
--- a/system/acl_test.go
+++ b/system/acl_test.go
@ -20,7 +20,7 @@ func TestUpdatePerm(t *testing.T) {
 		t.Run(tc.path+permSubTestSuffix(tc.perms), func(t *testing.T) {
 			sys := New(150)
 			sys.UpdatePerm(tc.path, tc.perms...)
-			(&tcOp{Process, tc.path}).test(t, sys.ops, []Op{&ACL{Process, tc.path, tc.perms, false}}, "UpdatePerm")
+			(&tcOp{Process, tc.path}).test(t, sys.ops, []Op{&ACL{Process, tc.path, tc.perms}}, "UpdatePerm")
 		})
 	}
 }
@ -42,7 +42,7 @@ func TestUpdatePermType(t *testing.T) {
 		t.Run(tc.path+"_"+TypeString(tc.et)+permSubTestSuffix(tc.perms), func(t *testing.T) {
 			sys := New(150)
 			sys.UpdatePermType(tc.et, tc.path, tc.perms...)
-			tc.test(t, sys.ops, []Op{&ACL{tc.et, tc.path, tc.perms, false}}, "UpdatePermType")
+			tc.test(t, sys.ops, []Op{&ACL{tc.et, tc.path, tc.perms}}, "UpdatePermType")
 		})
 	}
 }
--- a/test/sandbox/case/device.nix
+++ b/test/sandbox/case/device.nix
@ -243,7 +243,7 @@ in
    seccomp = true;
    try_socket = "/tmp/.X11-unix/X0";
-    socket_abstract = false;
+    socket_abstract = true;
    socket_pathname = true;
  };
 }
--- a/test/sandbox/case/mapuid.nix
+++ b/test/sandbox/case/mapuid.nix
@ -269,7 +269,7 @@ in
    seccomp = true;
    try_socket = "/tmp/.X11-unix/X0";
-    socket_abstract = false;
+    socket_abstract = true;
    socket_pathname = false;
  };
 }
--- a/test/sandbox/case/pdlike.nix
+++ b/test/sandbox/case/pdlike.nix
@ -264,7 +264,7 @@ in
    seccomp = true;
    try_socket = "/tmp/.X11-unix/X0";
-    socket_abstract = false;
+    socket_abstract = true;
    socket_pathname = false;
  };
 }
--- a/test/sandbox/case/preset.nix
+++ b/test/sandbox/case/preset.nix
@ -262,7 +262,7 @@ in
    seccomp = true;
    try_socket = "/tmp/.X11-unix/X0";
-    socket_abstract = false;
+    socket_abstract = true;
    socket_pathname = false;
  };
 }
--- a/test/sandbox/case/tty.nix
+++ b/test/sandbox/case/tty.nix
@ -275,7 +275,7 @@ in
    seccomp = true;
    try_socket = "/tmp/.X11-unix/X0";
-    socket_abstract = false;
+    socket_abstract = true;
    socket_pathname = true;
  };
 }
		`@ -0,0 +1,3 @@`
							`#pragma once`

							`int hakurei_scope_abstract_unix_sockets(int* p_errno, int fd);`