Thread (30 messages) 30 messages, 5 authors, 2016-11-14

Re: [RFC v4 00/18] Landlock LSM: Unprivileged sandboxing

From: Mickaël Salaün <mic@digikod.net>
Date: 2016-10-26 16:57:56
Also in: linux-api, lkml, netdev 

On 26/10/2016 16:52, Jann Horn wrote:
On Wed, Oct 26, 2016 at 08:56:36AM +0200, Mickaël Salaün wrote:
quoted
The loaded Landlock eBPF programs can be triggered by a seccomp filter
returning RET_LANDLOCK. In addition, a cookie (16-bit value) can be passed from
a seccomp filter to eBPF programs. This allow flexible security policies
between seccomp and Landlock.
Is this still up to date, or was that removed in v3?
I forgot to remove this part. In this v4 series, as describe in the
(small) patch 11/18, a Landlock rule cannot be triggered by a seccomp
filter. So there is no more RET_LANDLOCK nor cookie.

Attachments

Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help