On 19/03/2021 19:45, Kees Cook wrote:
> On Tue, Mar 16, 2021 at 09:42:43PM +0100, Mickaël Salaün wrote:
>> config LSM
>> string "Ordered list of enabled LSMs"
>> -default
>> "lockdown,yama,loadpin,safesetid,integrity,smack,selinux,tomoyo,apparmor,bpf"
>> if DEFAULT_SECURITY_SMACK
>> -
On Tue, Mar 16, 2021 at 09:42:43PM +0100, Mickaël Salaün wrote:
> config LSM
> string "Ordered list of enabled LSMs"
> - default
> "lockdown,yama,loadpin,safesetid,integrity,smack,selinux,tomoyo,apparmor,bpf"
> if DEFAULT_SECURITY_SMACK
> - default
> "lockdown,yama,loadpin,safeset
From: Mickaël Salaün
Process's credentials point to a Landlock domain, which is underneath
implemented with a ruleset. In the following commits, this domain is
used to check and enforce the ptrace and filesystem security policies.
A domain is inherited from a parent to its child the same way a t
3 matches
Mail list logo