Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Please update the Landlock library #15

Closed
gnoack opened this issue Oct 14, 2024 · 1 comment
Closed

Please update the Landlock library #15

gnoack opened this issue Oct 14, 2024 · 1 comment

Comments

@gnoack
Copy link

gnoack commented Oct 14, 2024

Please update the Landlock library use in this project - the version you are using has a known bug

GHSA-vv6c-69r6-chg9

P.S. Without understanding all details of how you do the networking in your webserver, consider that you do not need to configure the "TCP bind" access right in your policy, if you are doing the net.Listen() before you enable the Landlock policy. That way, you can have a stronger and less complicated policy.

Here is an example where this is done: https://github.com/gnoack/ukuleleweb/blob/main/cmd/ukuleleweb/main.go#L55

Thanks,
—Günther
ngergs added a commit that referenced this issue Oct 14, 2024
@ngergs
fix: dependency updates
a83e06d 
landlock update fixes GHSA-vv6c-69r6-chg9, see issue #15
thanks to @gnoack for pointing this out
ngergs added a commit that referenced this issue Oct 14, 2024
@ngergs
feat: listenGoServe method for server, simplify landlock network rules
0ae233b 
 BREAKING-CHANGE: server.RunTillWaitGroupFinishes has been replaced by a combination of the ListenGoServe method of server.Server and server.ShutdownAfterWaitGroup

thanks to @gnoack for suggesting to apply landlock network restrictions after the net.Listener have started (issue #15)
@ngergs ngergs mentioned this issue Oct 14, 2024
Merged
ngergs added a commit that referenced this issue Oct 14, 2024
@ngergs
feat: listenGoServe method for server, simplify landlock network rules
3b6d4e0 
 BREAKING-CHANGE: server.RunTillWaitGroupFinishes has been replaced by a combination of the ListenGoServe method of server.Server and server.ShutdownAfterWaitGroup

thanks to @gnoack for suggesting to apply landlock network restrictions after the net.Listener have started (issue #15)
ngergs added a commit that referenced this issue Oct 14, 2024
@ngergs
feat: listenGoServe method for server, simplify landlock network rules
5e04804 
 BREAKING-CHANGE: server.RunTillWaitGroupFinishes has been replaced by a combination of the ListenGoServe method of server.Server and server.ShutdownAfterWaitGroup

thanks to @gnoack for suggesting to apply landlock network restrictions after the net.Listener have started (issue #15)
ngergs added a commit that referenced this issue Oct 14, 2024
@ngergs
feat: listenGoServe method for server, simplify landlock network rules
1eee590 
 BREAKING-CHANGE: server.RunTillWaitGroupFinishes has been replaced by a combination of the ListenGoServe method of server.Server and server.ShutdownAfterWaitGroup

thanks to @gnoack for suggesting to apply landlock network restrictions after the net.Listener have started (issue #15)
ngergs added a commit that referenced this issue Oct 14, 2024
@ngergs
feat: listenGoServe method for server, simplify landlock network rules
3e78925 
 BREAKING-CHANGE: server.RunTillWaitGroupFinishes has been replaced by a combination of the ListenGoServe method of server.Server and server.ShutdownAfterWaitGroup

thanks to @gnoack for suggesting to apply landlock network restrictions after the net.Listener have started (issue #15)
ngergs added a commit that referenced this issue Oct 14, 2024
@ngergs
feat: listenGoServe method for server, simplify landlock network rules
7314b74 
 BREAKING-CHANGE: server.RunTillWaitGroupFinishes has been replaced by a combination of the ListenGoServe method of server.Server and server.ShutdownAfterWaitGroup

thanks to @gnoack for suggesting to apply landlock network restrictions after the net.Listener have started (issue #15)
@ngergs
Copy link
Owner

ngergs commented Oct 14, 2024

Hi Günther,

thanks a lot for pointing this out as well as suggested changes 👍

Cheers,
Niklas

@ngergs ngergs closed this as completed Oct 14, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@gnoack @ngergs