Skip to content

Creation of whiteout objects is not restrictable #63

Description

@gnoack

With renameat2(2)'s RENAME_WHITEOUT flag, it is possible to create a "whiteout object" at the source of the rename. Whiteout objects appear as
character devices with major/minor (0, 0) -- these are not bound to any driver, so they are harmless, but still, the creation of these files is a directory entry creation which is not restrictable with Landlock (it is not covered by LANDLOCK_ACCESS_FS_MAKE_CHAR either).

I got pushback from Christian Brauner and others when calling these whiteout objects "devices", as they are conceptually different and creating them does not follow the same rules (you don't need the CAP_MKNOD capability either).

But we should be able to control this from Landlock ideally.

The discussions are already slightly dated, so creating a tracking bug for them so we don't forget.

Metadata

Metadata

Assignees

Labels

enhancementNew feature or request

Type

No type

Fields

No fields configured for issues without a type.

Projects

Status
In review

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions