
Landlock supports multiple nested sandboxes, so when an operation on a filesystem path is attempted, the path has to be checked against up to 16 nested policies. The way it currently does that is by constructing a matrix of the requested access rights per layer and checking off matrix entries during the path walk. This is efficient, but it also increases code complexity, and I have long had a nagging doubt about whether it is worth the trade-off. After all, the mental model for using Landlock is that each layer is checked independently of the next. A more “natural” way to implement this would be to loop over the layers first and then do the path walk inside (multiple times). To be clear, my confidence that this would be acceptable performance-wise was always low, but then again, performance can sometimes be counterintuitive, so it seemed worthwhile to explore. The refactoring would be a bigger change, but luckily we have a very comprehensive suite of kernel…
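To make the two strategies concrete, here is an added toy model in C (not Landlock's kernel code): inodes are constructed numeric ids, a path is listed from the accessed file up to the root, and a layer grants a right if any rule along that walk grants it. `check_matrix` mirrors the current approach, a per-layer matrix of requested rights cleared during a single walk; `check_per_layer` is the loop-over-layers alternative; both must return the same verdict.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#define NUM_ACCESS 3   /* toy rights: bit 0 read, bit 1 write, bit 2 execute */

/* A rule grants an access mask on one inode (constructed numeric id). */
struct rule { unsigned inode; uint32_t access; };
/* A layer is the rule set of one nested sandbox; Landlock stacks up to 16. */
struct layer { const struct rule *rules; size_t num_rules; };
static const struct rule *find_rule(const struct layer *l, unsigned inode)
{
    for (size_t i = 0; i < l->num_rules; i++)
        if (l->rules[i].inode == inode) return &l->rules[i];
    return NULL;
}
/* Matrix approach: one path walk; layer_masks[a] = layers still denying right a. */
bool check_matrix(const struct layer *layers, size_t num_layers,
                  const unsigned *path, size_t path_len, uint32_t request)
{
    uint16_t layer_masks[NUM_ACCESS] = {0};
    for (unsigned a = 0; a < NUM_ACCESS; a++)
        if (request & (1u << a))
            layer_masks[a] = (uint16_t)((1u << num_layers) - 1);
    for (size_t p = 0; p < path_len; p++)      /* path[0] is the file, last is root */
        for (size_t l = 0; l < num_layers; l++) {
            const struct rule *r = find_rule(&layers[l], path[p]);
            if (!r) continue;
            for (unsigned a = 0; a < NUM_ACCESS; a++)
                if (r->access & (1u << a))
                    layer_masks[a] &= (uint16_t)~(1u << l);   /* layer l grants a */
        }
    for (unsigned a = 0; a < NUM_ACCESS; a++)
        if (layer_masks[a]) return false;      /* some layer never granted right a */
    return true;
}

/* "Natural" approach: loop over layers, re-walk the whole path inside each one. */
bool check_per_layer(const struct layer *layers, size_t num_layers,
                     const unsigned *path, size_t path_len, uint32_t request)
{
    for (size_t l = 0; l < num_layers; l++) {
        uint32_t granted = 0;
        for (size_t p = 0; p < path_len; p++) {
            const struct rule *r = find_rule(&layers[l], path[p]);
            if (r) granted |= r->access;
        }
        if (request & ~granted) return false;  /* this layer denies a requested right */
    }
    return true;
}
```

The per-layer version touches every path component once per layer, which is the repeated walk the post weighs against the single-walk matrix.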
