29 Oct
2020
29 Oct
'20
1:06 a.m.
On Tue, Oct 27, 2020 at 9:04 PM Mickaël Salaün mic@digikod.net wrote:
Process's credentials point to a Landlock domain, which is underneath implemented with a ruleset. In the following commits, this domain is used to check and enforce the ptrace and filesystem security policies. A domain is inherited from a parent to its child the same way a thread inherits a seccomp policy.
Cc: James Morris jmorris@namei.org Cc: Jann Horn jannh@google.com Cc: Kees Cook keescook@chromium.org Cc: Serge E. Hallyn serge@hallyn.com Signed-off-by: Mickaël Salaün mic@linux.microsoft.com
Reviewed-by: Jann Horn jannh@google.com