Re: [PATCH v22 03/12] landlock: Set up the security framework and manage credentials

[PATCH v22 00/12] Landlock LSM · Mickaël Salaün <mic@digikod.net> · 2020-10-27
[PATCH v22 03/12] landlock: Set up the security framework and manage credentials · Mickaël Salaün <mic@digikod.net> · 2020-10-27
Re: [PATCH v22 03/12] landlock: Set up the security framework and manage credentials · Jann Horn <jannh@google.com> · 2020-10-29
[PATCH v22 04/12] landlock: Add ptrace restrictions · Mickaël Salaün <mic@digikod.net> · 2020-10-27
Re: [PATCH v22 04/12] landlock: Add ptrace restrictions · Jann Horn <jannh@google.com> · 2020-10-29
[PATCH v22 05/12] LSM: Infrastructure management of the superblock · Mickaël Salaün <mic@digikod.net> · 2020-10-27
Re: [PATCH v22 05/12] LSM: Infrastructure management of the superblock · James Morris <jmorris@namei.org> · 2020-10-29
[PATCH v22 08/12] landlock: Add syscall implementations · Mickaël Salaün <mic@digikod.net> · 2020-10-27
Re: [PATCH v22 08/12] landlock: Add syscall implementations · Jann Horn <jannh@google.com> · 2020-10-29
Re: [PATCH v22 08/12] landlock: Add syscall implementations · Mickaël Salaün <mic@digikod.net> · 2020-10-29
Re: [PATCH v22 08/12] landlock: Add syscall implementations · Jann Horn <jannh@google.com> · 2020-10-30
Re: [PATCH v22 08/12] landlock: Add syscall implementations · Mickaël Salaün <mic@digikod.net> · 2020-10-30
[PATCH v22 12/12] landlock: Add user and kernel documentation · Mickaël Salaün <mic@digikod.net> · 2020-10-27
Re: [PATCH v22 12/12] landlock: Add user and kernel documentation · Jann Horn <jannh@google.com> · 2020-10-29
Re: [PATCH v22 12/12] landlock: Add user and kernel documentation · Mickaël Salaün <mic@digikod.net> · 2020-10-29
[PATCH v22 10/12] selftests/landlock: Add user space tests · Mickaël Salaün <mic@digikod.net> · 2020-10-27
[PATCH v22 07/12] landlock: Support filesystem access-control · Mickaël Salaün <mic@digikod.net> · 2020-10-27
Re: [PATCH v22 07/12] landlock: Support filesystem access-control · Jann Horn <jannh@google.com> · 2020-10-29
Re: [PATCH v22 07/12] landlock: Support filesystem access-control · Mickaël Salaün <mic@digikod.net> · 2020-10-29
Re: [PATCH v22 07/12] landlock: Support filesystem access-control · Mickaël Salaün <mic@digikod.net> · 2020-11-03
[PATCH v22 06/12] fs,security: Add sb_delete hook · Mickaël Salaün <mic@digikod.net> · 2020-10-27
Re: [PATCH v22 06/12] fs,security: Add sb_delete hook · Jann Horn <jannh@google.com> · 2020-10-29
Re: [PATCH v22 06/12] fs,security: Add sb_delete hook · James Morris <jmorris@namei.org> · 2020-10-29
[PATCH v22 11/12] samples/landlock: Add a sandbox manager example · Mickaël Salaün <mic@digikod.net> · 2020-10-27
[PATCH v22 02/12] landlock: Add ruleset and domain management · Mickaël Salaün <mic@digikod.net> · 2020-10-27
Re: [PATCH v22 02/12] landlock: Add ruleset and domain management · Jann Horn <jannh@google.com> · 2020-10-29
Re: [PATCH v22 02/12] landlock: Add ruleset and domain management · Mickaël Salaün <mic@digikod.net> · 2020-10-29
[PATCH v22 09/12] arch: Wire up Landlock syscalls · Mickaël Salaün <mic@digikod.net> · 2020-10-27
Re: [PATCH v22 09/12] arch: Wire up Landlock syscalls · James Morris <jmorris@namei.org> · 2020-10-29
[PATCH v22 01/12] landlock: Add object management · Mickaël Salaün <mic@digikod.net> · 2020-10-27
Re: [PATCH v22 01/12] landlock: Add object management · Jann Horn <jannh@google.com> · 2020-10-29
Re: [PATCH v22 01/12] landlock: Add object management · Mickaël Salaün <mic@digikod.net> · 2020-10-29
Re: [PATCH v22 01/12] landlock: Add object management · Jann Horn <jannh@google.com> · 2020-10-30
Re: [PATCH v22 01/12] landlock: Add object management · Pavel Machek <hidden> · 2020-11-16
Re: [PATCH v22 01/12] landlock: Add object management · Mickaël Salaün <mic@digikod.net> · 2020-11-16
Re: [PATCH v22 00/12] Landlock LSM · Jann Horn <jannh@google.com> · 2020-10-29
Re: [PATCH v22 00/12] Landlock LSM · Mickaël Salaün <mic@digikod.net> · 2020-10-29

From: Jann Horn <jannh@google.com>
Date: 2020-10-29 01:07:27
Also in: linux-api, linux-arch, linux-fsdevel, linux-kselftest, linux-security-module, lkml

On Tue, Oct 27, 2020 at 9:04 PM Mickaël Salaün [off-list ref] wrote:

Process's credentials point to a Landlock domain, which is underneath
implemented with a ruleset.  In the following commits, this domain is
used to check and enforce the ptrace and filesystem security policies.
A domain is inherited from a parent to its child the same way a thread
inherits a seccomp policy.

Cc: James Morris <jmorris@namei.org>
Cc: Jann Horn <jannh@google.com>
Cc: Kees Cook <redacted>
Cc: Serge E. Hallyn <serge@hallyn.com>
Signed-off-by: Mickaël Salaün <redacted>

Reviewed-by: Jann Horn <jannh@google.com>

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help