On Tue, Mar 23, 2021 at 8:22 PM Mickaël Salaün wrote:
> On 23/03/2021 18:49, Jann Horn wrote:
> > On Tue, Mar 23, 2021 at 4:54 PM Mickaël Salaün wrote:
> >> On 23/03/2021 01:13, Jann Horn wrote:
> >>> On Tue, Mar 16, 2021 at 9:43 PM Mickaël Salaün wrote:
> Using Landlock objects and rulese
On 19/03/2021 20:19, Mickaël Salaün wrote:
>
> On 19/03/2021 19:57, Kees Cook wrote:
>> On Tue, Mar 16, 2021 at 09:42:47PM +0100, Mickaël Salaün wrote:
>>> From: Mickaël Salaün
>>>
>>> Using Landlock objects and ruleset, it is possible to tag inodes
>>> according to a process's domain. To enab
On 23/03/2021 18:49, Jann Horn wrote:
> On Tue, Mar 23, 2021 at 4:54 PM Mickaël Salaün wrote:
>> On 23/03/2021 01:13, Jann Horn wrote:
>>> On Tue, Mar 16, 2021 at 9:43 PM Mickaël Salaün wrote:
Using Landlock objects and ruleset, it is possible to tag inodes
according to a process's d
On Tue, Mar 23, 2021 at 4:54 PM Mickaël Salaün wrote:
> On 23/03/2021 01:13, Jann Horn wrote:
> > On Tue, Mar 16, 2021 at 9:43 PM Mickaël Salaün wrote:
> >> Using Landlock objects and ruleset, it is possible to tag inodes
> >> according to a process's domain.
> > [...]
> >> +static void release_
On 23/03/2021 01:13, Jann Horn wrote:
> On Tue, Mar 16, 2021 at 9:43 PM Mickaël Salaün wrote:
>> Using Landlock objects and ruleset, it is possible to tag inodes
>> according to a process's domain.
> [...]
>> +static void release_inode(struct landlock_object *const object)
>> + __releases
On Tue, Mar 16, 2021 at 9:43 PM Mickaël Salaün wrote:
> Using Landlock objects and ruleset, it is possible to tag inodes
> according to a process's domain.
[...]
> +static void release_inode(struct landlock_object *const object)
> + __releases(object->lock)
> +{
> + struct inode *cons
On 19/03/2021 19:57, Kees Cook wrote:
> On Tue, Mar 16, 2021 at 09:42:47PM +0100, Mickaël Salaün wrote:
>> From: Mickaël Salaün
>>
>> Using Landlock objects and ruleset, it is possible to tag inodes
>> according to a process's domain. To enable an unprivileged process to
>> express a file hiera
On Tue, Mar 16, 2021 at 09:42:47PM +0100, Mickaël Salaün wrote:
> From: Mickaël Salaün
>
> Using Landlock objects and ruleset, it is possible to tag inodes
> according to a process's domain. To enable an unprivileged process to
> express a file hierarchy, it first needs to open a directory (or a
> This commit adds a minimal set of supported filesystem access-control
> which doesn't enable to restrict all file-related actions.
It would be great to get some more review/acks on this patch, particularly
from VFS/FS folk.
--
James Morris
From: Mickaël Salaün
Using Landlock objects and ruleset, it is possible to tag inodes
according to a process's domain. To enable an unprivileged process to
express a file hierarchy, it first needs to open a directory (or a file)
and pass this file descriptor to the kernel through
landlock_add_ru