Summary
When LandlockCompatibility::BestEffort is set (the default, per crates/openshell-policy/src/lib.rs:88), any Landlock error is swallowed and reported only at debug level in crates/openshell-sandbox/src/sandbox/linux/landlock.rs (lines 69–76).
On kernels older than 5.13, or on kernels where Landlock is compiled out or disabled, the process therefore runs with no Landlock filesystem restrictions at all, and the operator receives no warning that the sandbox was skipped.
Additionally, the implementation is pinned to Landlock ABI V2 (line 33), so protections added by newer ABIs are never requested: V3 adds LANDLOCK_ACCESS_FS_TRUNCATE, V4 adds TCP bind/connect restrictions, V5 adds ioctl scoping for device files (LANDLOCK_ACCESS_FS_IOCTL_DEV). Because Landlock only restricts access rights that a ruleset explicitly handles, a V2 ruleset on a V3+ kernel leaves truncate (and, on V4/V5 kernels, network and device-ioctl access) completely unrestricted inside the sandbox, even though the running kernel could enforce them.
Impact
- Severity: Medium
- Operators may believe filesystem restrictions are enforced when the sandbox has in fact been silently skipped.
- Protections available on newer kernels (truncate, network, device ioctl) are not leveraged even when the running kernel supports them.
Proposed Fix
- Emit a warning-level log (not debug) when Landlock is unavailable or degraded, including which access rights ended up unrestricted. If the sandbox is built on the landlock crate, the RulesetStatus returned by restrict_self() (FullyEnforced / PartiallyEnforced / NotEnforced) already distinguishes these cases and should be surfaced rather than discarded.
- Consider making HardRequirement the default in production deployments, so that a missing or partially supported Landlock fails the sandbox start instead of silently continuing.
- Use the highest available Landlock ABI via feature detection (probe the kernel's supported ABI at start-up) rather than hardcoding V2, so the ruleset handles every access right the running kernel knows about.
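The following is an added example written for this report, not OpenShell's code: it models the decision the sandbox should make once it has probed the kernel's Landlock ABI, and shows concretely which rights stay unrestricted when a ruleset is pinned below the kernel's ABI. The `Compat` variants are assumed to correspond to the LandlockCompatibility modes named above; the kernel probe itself (e.g. `landlock::ABI::new_current()` in the landlock crate) is stood in for by the `kernel` parameter so the logic runs anywhere. The V1/V2 right names are the standard Landlock filesystem rights; V3 to V5 follow the ABI descriptions above.

```rust
/// Landlock ABI versions in increasing order; each adds access rights on top
/// of the previous one. Ordering follows declaration order.
#[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord)]
pub enum Abi { V1, V2, V3, V4, V5 }

impl Abi {
    pub const ALL: [Abi; 5] = [Abi::V1, Abi::V2, Abi::V3, Abi::V4, Abi::V5];

    /// Access rights first introduced by this ABI (names abbreviated from the
    /// LANDLOCK_ACCESS_FS_* / LANDLOCK_ACCESS_NET_* constants).
    pub fn rights_introduced(self) -> &'static [&'static str] {
        match self {
            Abi::V1 => &["execute", "write_file", "read_file", "read_dir",
                         "remove_dir", "remove_file", "make_char", "make_dir",
                         "make_reg", "make_sock", "make_fifo", "make_block",
                         "make_sym"],
            Abi::V2 => &["refer"],
            Abi::V3 => &["truncate"],
            Abi::V4 => &["bind_tcp", "connect_tcp"],
            Abi::V5 => &["ioctl_dev"],
        }
    }
}

/// Policy modes; assumed to mirror LandlockCompatibility::{BestEffort, HardRequirement}.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum Compat { BestEffort, HardRequirement }

#[derive(Debug, PartialEq, Eq)]
pub enum Outcome {
    /// Every right the running kernel knows about is handled by the ruleset.
    Enforced { abi: Abi },
    /// The ruleset handles fewer rights than the kernel offers; the listed
    /// rights remain completely unrestricted inside the sandbox.
    Degraded { kernel: Abi, handled: Abi, unrestricted: Vec<&'static str> },
    /// Landlock syscalls unavailable (kernel < 5.13 or disabled): no FS sandbox.
    Bypassed,
}

/// Decide what the sandbox will actually enforce.
/// `kernel`: ABI reported by the kernel probe (None = Landlock unavailable).
/// `pin`: ABI the implementation hardcodes (Some(V2) today); None means
/// "use the highest ABI the kernel supports", i.e. feature detection.
pub fn plan(kernel: Option<Abi>, pin: Option<Abi>, compat: Compat) -> Result<Outcome, String> {
    let kernel = match kernel {
        Some(k) => k,
        None => return match compat {
            Compat::HardRequirement =>
                Err("Landlock unavailable: refusing to start without filesystem sandbox".into()),
            Compat::BestEffort => Ok(Outcome::Bypassed),
        },
    };
    let wanted = pin.unwrap_or(kernel);
    if wanted > kernel {
        if compat == Compat::HardRequirement {
            return Err(format!("policy needs Landlock {:?} but kernel only offers {:?}", wanted, kernel));
        }
        // Best effort: the kernel restricts everything it knows about.
        return Ok(Outcome::Enforced { abi: kernel });
    }
    if wanted < kernel {
        // Rights introduced after the pinned ABI are never handled, so the
        // kernel does not restrict them at all.
        let unrestricted: Vec<&'static str> = Abi::ALL.iter()
            .filter(|a| **a > wanted && **a <= kernel)
            .flat_map(|a| a.rights_introduced().iter().copied())
            .collect();
        return Ok(Outcome::Degraded { kernel, handled: wanted, unrestricted });
    }
    Ok(Outcome::Enforced { abi: kernel })
}

/// Log level an operator should see: anything short of full enforcement is
/// at least a warning, never debug.
pub fn log_level(outcome: &Outcome) -> &'static str {
    match outcome {
        Outcome::Enforced { .. } => "info",
        Outcome::Degraded { .. } | Outcome::Bypassed => "warn",
    }
}

fn main() {
    // Constructed scenarios: the two failure modes from the report plus the fix.
    let scenarios = [
        ("kernel 5.10, best effort", None, Some(Abi::V2), Compat::BestEffort),
        ("kernel 5.10, hard requirement", None, Some(Abi::V2), Compat::HardRequirement),
        ("ABI V5 kernel, pinned to V2", Some(Abi::V5), Some(Abi::V2), Compat::BestEffort),
        ("ABI V5 kernel, feature-detected", Some(Abi::V5), None, Compat::BestEffort),
    ];
    for (name, kernel, pin, compat) in scenarios {
        match plan(kernel, pin, compat) {
            Ok(o) => println!("[{}] {}: {:?}", log_level(&o), name, o),
            Err(e) => println!("[error] {}: {}", name, e),
        }
    }
}
```

Running the scenarios shows the point of the third bullet: on a V5 kernel the V2-pinned ruleset reports `Degraded` with `truncate`, `bind_tcp`, `connect_tcp` and `ioctl_dev` unrestricted, whereas passing `pin = None` yields `Enforced { abi: V5 }`.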