Re: [RFC v3 11/22] seccomp,landlock: Handle Landlock hooks per process hierarchy

2016-10-05 Thread Mickaël Salaün
On 04/10/2016 01:52, Kees Cook wrote:
> On Wed, Sep 14, 2016 at 3:34 PM, Mickaël Salaün wrote:
>>
>> On 14/09/2016 20:43, Andy Lutomirski wrote:
>>> On Wed, Sep 14, 2016 at 12:24 AM, Mickaël Salaün wrote:
>>>> A Landlock program will be triggered according to its subtype/origin bitfield.

Re: [RFC v3 11/22] seccomp,landlock: Handle Landlock hooks per process hierarchy

2016-10-03 Thread Kees Cook
On Wed, Sep 14, 2016 at 3:34 PM, Mickaël Salaün wrote:
>
> On 14/09/2016 20:43, Andy Lutomirski wrote:
>> On Wed, Sep 14, 2016 at 12:24 AM, Mickaël Salaün wrote:
>>> A Landlock program will be triggered according to its subtype/origin
>>> bitfield. The LANDLOCK_FLAG_ORIGIN_SECCOMP value will

Re: [RFC v3 11/22] seccomp,landlock: Handle Landlock hooks per process hierarchy

2016-09-14 Thread Mickaël Salaün
On 14/09/2016 20:43, Andy Lutomirski wrote:
> On Wed, Sep 14, 2016 at 12:24 AM, Mickaël Salaün wrote:
>> A Landlock program will be triggered according to its subtype/origin
>> bitfield. The LANDLOCK_FLAG_ORIGIN_SECCOMP value will trigger the
>> Landlock program when a seccomp filter will return

Re: [RFC v3 11/22] seccomp,landlock: Handle Landlock hooks per process hierarchy

2016-09-14 Thread Andy Lutomirski
On Wed, Sep 14, 2016 at 12:24 AM, Mickaël Salaün wrote:
> A Landlock program will be triggered according to its subtype/origin
> bitfield. The LANDLOCK_FLAG_ORIGIN_SECCOMP value will trigger the
> Landlock program when a seccomp filter will return RET_LANDLOCK.
> Moreover, it is possible to

[RFC v3 11/22] seccomp,landlock: Handle Landlock hooks per process hierarchy

2016-09-14 Thread Mickaël Salaün
A Landlock program will be triggered according to its subtype/origin bitfield. The LANDLOCK_FLAG_ORIGIN_SECCOMP value will trigger the Landlock program when a seccomp filter will return RET_LANDLOCK. Moreover, it is possible to return a 16-bit cookie which will be readable by the Landlock programs
