On Tue, Oct 27, 2020 at 9:04 PM Mickaël Salaün <[email protected]> wrote: > Process's credentials point to a Landlock domain, which is underneath > implemented with a ruleset. In the following commits, this domain is > used to check and enforce the ptrace and filesystem security policies. > A domain is inherited from a parent to its child the same way a thread > inherits a seccomp policy. > > Cc: James Morris <[email protected]> > Cc: Jann Horn <[email protected]> > Cc: Kees Cook <[email protected]> > Cc: Serge E. Hallyn <[email protected]> > Signed-off-by: Mickaël Salaün <[email protected]>
Reviewed-by: Jann Horn <[email protected]>
