samples/landlock: Don't error out if a file path cannot be opened

Instead of creating a hard error and aborting the sandbox creation,
accept file path not usable in the LL_FS_RO and LL_FS_RW environment
variables but only print a warning.  This makes it easier to test, for
instance with LL_FS_RO="${PATH}:/usr/lib:/lib"

Print that we are going to execute the command in the sandbox before
doing so.

Rename "launch" to "execute", and improve header description.

Reviewed-by: Günther Noack <gnoack@google.com>
Link: https://lore.kernel.org/r/20240307143849.1517218-1-mic@digikod.net
[mic: Improve header description as suggested by Günther]
Signed-off-by: Mickaël Salaün <mic@digikod.net>

diff --git a/samples/landlock/sandboxer.c b/samples/landlock/sandboxer.c
index 08596c0ef0707c3cb478a4c3c24540020c9848f6..32e930c853bba4d160aa0760ff0c9279e5470477 100644 (file)
--- a/samples/landlock/sandboxer.c
+++ b/samples/landlock/sandboxer.c
@@ -1,7 +1,7 @@
 // SPDX-License-Identifier: BSD-3-Clause
 /*
- * Simple Landlock sandbox manager able to launch a process restricted by a
- * user-defined filesystem access control policy.
+ * Simple Landlock sandbox manager able to execute a process restricted by
+ * user-defined file system and network access control policies.
  *
  * Copyright © 2017-2020 Mickaël Salaün <mic@digikod.net>
  * Copyright © 2020 ANSSI
@@ -120,9 +120,11 @@ static int populate_ruleset_fs(const char *const env_var, const int ruleset_fd,
                if (path_beneath.parent_fd < 0) {
                        fprintf(stderr, "Failed to open \"%s\": %s\n",
                                path_list[i], strerror(errno));
-                       goto out_free_name;
+                       continue;
                }
                if (fstat(path_beneath.parent_fd, &statbuf)) {
+                       fprintf(stderr, "Failed to stat \"%s\": %s\n",
+                               path_list[i], strerror(errno));
                        close(path_beneath.parent_fd);
                        goto out_free_name;
                }
@@ -227,7 +229,7 @@ int main(const int argc, char *const argv[], char *const *const envp)
                        ENV_FS_RO_NAME, ENV_FS_RW_NAME, ENV_TCP_BIND_NAME,
                        ENV_TCP_CONNECT_NAME, argv[0]);
                fprintf(stderr,
-                       "Launch a command in a restricted environment.\n\n");
+                       "Execute a command in a restricted environment.\n\n");
                fprintf(stderr,
                        "Environment variables containing paths and ports "
                        "each separated by a colon:\n");
@@ -248,7 +250,7 @@ int main(const int argc, char *const argv[], char *const *const envp)
                        ENV_TCP_CONNECT_NAME);
                fprintf(stderr,
                        "\nexample:\n"
-                       "%s=\"/bin:/lib:/usr:/proc:/etc:/dev/urandom\" "
+                       "%s=\"${PATH}:/lib:/usr:/proc:/etc:/dev/urandom\" "
                        "%s=\"/dev/null:/dev/full:/dev/zero:/dev/pts:/tmp\" "
                        "%s=\"9418\" "
                        "%s=\"80:443\" "
@@ -383,6 +385,7 @@ int main(const int argc, char *const argv[], char *const *const envp)
 
        cmd_path = argv[1];
        cmd_argv = argv + 1;
+       fprintf(stderr, "Executing the sandboxed command...\n");
        execvpe(cmd_path, cmd_argv, envp);
        fprintf(stderr, "Failed to execute \"%s\": %s\n", cmd_path,
                strerror(errno));