samples/landlock: Clarify option parsing behaviour

Clarify the distinction between filesystem variables (mandatory)
and all others (optional).

For optional variables, explain the difference between unset variables
(no access check performed) and empty variables (nothing allowed for
lists of allowed paths/ports, or no effect for lists of scopes).

List the known LL_SCOPED values and their effect.

Signed-off-by: Matthieu Buffet <matthieu@buffet.re>
Link: https://lore.kernel.org/r/20241019151534.1400605-4-matthieu@buffet.re
[mic: Add a missing colon]
Signed-off-by: Mickaël Salaün <mic@digikod.net>
Matthieu Buffet 2024-10-19 17:15:34 +02:00 committed by Mickaël Salaün
parent f51e55a089
commit 53b9d789df
GPG Key ID: E5E3D0E88C82F6D2


@ -296,25 +296,26 @@ out_unset:
/* clang-format off */ /* clang-format off */
static const char help[] = static const char help[] =
"usage: " "usage: " ENV_FS_RO_NAME "=\"...\" " ENV_FS_RW_NAME "=\"...\" "
ENV_FS_RO_NAME "=\"...\" " "[other environment variables] %1$s <cmd> [args]...\n"
ENV_FS_RW_NAME "=\"...\" "
ENV_TCP_BIND_NAME "=\"...\" "
ENV_TCP_CONNECT_NAME "=\"...\" "
ENV_SCOPED_NAME "=\"...\" %1$s <cmd> [args]...\n"
"\n" "\n"
"Execute a command in a restricted environment.\n" "Execute the given command in a restricted environment.\n"
"Multi-valued settings (lists of ports, paths, scopes) are colon-delimited.\n"
"\n" "\n"
"Environment variables containing paths and ports each separated by a colon:\n" "Mandatory settings:\n"
"* " ENV_FS_RO_NAME ": list of paths allowed to be used in a read-only way.\n" "* " ENV_FS_RO_NAME ": paths allowed to be used in a read-only way\n"
"* " ENV_FS_RW_NAME ": list of paths allowed to be used in a read-write way.\n" "* " ENV_FS_RW_NAME ": paths allowed to be used in a read-write way\n"
"\n" "\n"
"Environment variables containing ports are optional and could be skipped.\n" "Optional settings (when not set, their associated access check "
"* " ENV_TCP_BIND_NAME ": list of ports allowed to bind (server).\n" "is always allowed, which is different from an empty string which "
"* " ENV_TCP_CONNECT_NAME ": list of ports allowed to connect (client).\n" "means an empty list):\n"
"* " ENV_SCOPED_NAME ": list of scoped IPCs.\n" "* " ENV_TCP_BIND_NAME ": ports allowed to bind (server)\n"
"* " ENV_TCP_CONNECT_NAME ": ports allowed to connect (client)\n"
"* " ENV_SCOPED_NAME ": actions denied on the outside of the landlock domain\n"
" - \"a\" to restrict opening abstract unix sockets\n"
" - \"s\" to restrict sending signals\n"
"\n" "\n"
"example:\n" "Example:\n"
ENV_FS_RO_NAME "=\"${PATH}:/lib:/usr:/proc:/etc:/dev/urandom\" " ENV_FS_RO_NAME "=\"${PATH}:/lib:/usr:/proc:/etc:/dev/urandom\" "
ENV_FS_RW_NAME "=\"/dev/null:/dev/full:/dev/zero:/dev/pts:/tmp\" " ENV_FS_RW_NAME "=\"/dev/null:/dev/full:/dev/zero:/dev/pts:/tmp\" "
ENV_TCP_BIND_NAME "=\"9418\" " ENV_TCP_BIND_NAME "=\"9418\" "
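Review bot: the new "Optional settings" sentence says that when a variable is not set "their associated access check is always allowed", but a check is not something that can be allowed; the commit message states the intended meaning more precisely (unset means no access check is performed, while an empty string means an empty list). Suggest rewording the parenthetical along the lines of "Optional settings (when unset, the corresponding access is not restricted at all; an empty string means an empty list, i.e. nothing allowed):" so the help text matches the semantics the commit describes. Smaller point in the same hunk: the LL_SCOPED parent line correctly scopes the effect to "actions denied on the outside of the landlock domain", but the two sub-bullets ("to restrict opening abstract unix sockets", "to restrict sending signals") drop that qualifier, so a reader scanning only the letters could take them as blanket restrictions; repeating "outside the domain" in each sub-bullet (e.g. "to restrict connecting to abstract unix sockets outside the domain") and capitalising "Landlock" consistently with the rest of the sample would avoid that.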