Re: [PATCH v30 03/12] landlock: Set up the security framework and manage credentials

2021-03-19 Thread Mickaël Salaün
On 19/03/2021 19:45, Kees Cook wrote: > On Tue, Mar 16, 2021 at 09:42:43PM +0100, Mickaël Salaün wrote: >> config LSM >> string "Ordered list of enabled LSMs" >> -default >> "lockdown,yama,loadpin,safesetid,integrity,smack,selinux,tomoyo,apparmor,bpf" >> if DEFAULT_SECURITY_SMACK >> -

Re: [PATCH v30 03/12] landlock: Set up the security framework and manage credentials

2021-03-19 Thread Kees Cook
On Tue, Mar 16, 2021 at 09:42:43PM +0100, Mickaël Salaün wrote: > config LSM > string "Ordered list of enabled LSMs" > - default > "lockdown,yama,loadpin,safesetid,integrity,smack,selinux,tomoyo,apparmor,bpf" > if DEFAULT_SECURITY_SMACK > - default > "lockdown,yama,loadpin,safeset

[PATCH v30 03/12] landlock: Set up the security framework and manage credentials

2021-03-16 Thread Mickaël Salaün
From: Mickaël Salaün
Process's credentials point to a Landlock domain, which is underneath implemented with a ruleset. In the following commits, this domain is used to check and enforce the ptrace and filesystem security policies. A domain is inherited from a parent to its child the same way a t