Re: [RFC v2 00/10] Landlock LSM: Unprivileged sandboxing

2016-10-05 Thread Mickaël Salaün
On 04/10/2016 00:56, Kees Cook wrote: > On Tue, Sep 20, 2016 at 10:08 AM, Mickaël Salaün wrote: >> >> On 15/09/2016 11:19, Pavel Machek wrote: >>> Hi! >>> This series is a proof of concept to fill some missing part of seccomp as the ability to check syscall argument pointers or

Re: [RFC v2 00/10] Landlock LSM: Unprivileged sandboxing

2016-10-03 Thread Kees Cook
On Tue, Sep 20, 2016 at 10:08 AM, Mickaël Salaün wrote: > > On 15/09/2016 11:19, Pavel Machek wrote: >> Hi! >> >>> This series is a proof of concept to fill some missing part of seccomp as >>> the >>> ability to check syscall argument pointers or creating more dynamic security >>> policies. The

Re: [RFC v2 00/10] Landlock LSM: Unprivileged sandboxing

2016-09-24 Thread Pavel Machek
On Tue 2016-09-20 19:08:23, Mickaël Salaün wrote: > > On 15/09/2016 11:19, Pavel Machek wrote: > > Hi! > > > >> This series is a proof of concept to fill some missing part of seccomp as > >> the > >> ability to check syscall argument pointers or creating more dynamic > >> security > >>

Re: [RFC v2 00/10] Landlock LSM: Unprivileged sandboxing

2016-09-20 Thread Mickaël Salaün
On 15/09/2016 11:19, Pavel Machek wrote: > Hi! > >> This series is a proof of concept to fill some missing part of seccomp as the >> ability to check syscall argument pointers or creating more dynamic security >> policies. The goal of this new stackable Linux Security Module (LSM) called >>

Re: [RFC v2 00/10] Landlock LSM: Unprivileged sandboxing

2016-09-15 Thread Pavel Machek
Hi! > This series is a proof of concept to fill some missing part of seccomp as the > ability to check syscall argument pointers or creating more dynamic security > policies. The goal of this new stackable Linux Security Module (LSM) called > Landlock is to allow any process, including

Re: [RFC v2 00/10] Landlock LSM: Unprivileged sandboxing

2016-08-30 Thread Andy Lutomirski
On Tue, Aug 30, 2016 at 12:51 PM, Mickaël Salaün wrote: > > On 30/08/2016 18:06, Andy Lutomirski wrote: >> On Thu, Aug 25, 2016 at 3:32 AM, Mickaël Salaün wrote: >>> Hi, >>> >>> This series is a proof of concept to fill some missing part of seccomp as >>> the >>> ability to check syscall

Re: [RFC v2 00/10] Landlock LSM: Unprivileged sandboxing

2016-08-30 Thread Mickaël Salaün
On 30/08/2016 18:06, Andy Lutomirski wrote: > On Thu, Aug 25, 2016 at 3:32 AM, Mickaël Salaün wrote: >> Hi, >> >> This series is a proof of concept to fill some missing part of seccomp as the >> ability to check syscall argument pointers or creating more dynamic security >> policies. The goal of

Re: [RFC v2 00/10] Landlock LSM: Unprivileged sandboxing

2016-08-30 Thread Andy Lutomirski
On Thu, Aug 25, 2016 at 3:32 AM, Mickaël Salaün wrote: > Hi, > > This series is a proof of concept to fill some missing part of seccomp as the > ability to check syscall argument pointers or creating more dynamic security > policies. The goal of this new stackable Linux Security Module (LSM)

Re: [RFC v2 00/10] Landlock LSM: Unprivileged sandboxing (cgroup delegation)

2016-08-27 Thread Mickaël Salaün
Cc Tejun and the cgroups ML. On 27/08/2016 17:10, Mickaël Salaün wrote: > On 27/08/2016 09:40, Andy Lutomirski wrote: >> On Thu, Aug 25, 2016 at 3:32 AM, Mickaël Salaün wrote: >>> >>> # Sandbox example with conditional access control depending on cgroup >>> >>> $ mkdir /sys/fs/cgroup/sandboxed

Re: [RFC v2 00/10] Landlock LSM: Unprivileged sandboxing

2016-08-27 Thread Mickaël Salaün
On 27/08/2016 09:40, Andy Lutomirski wrote: > On Thu, Aug 25, 2016 at 3:32 AM, Mickaël Salaün wrote: >> Hi, >> >> This series is a proof of concept to fill some missing part of seccomp as the >> ability to check syscall argument pointers or creating more dynamic security >> policies. The goal of

Re: [RFC v2 00/10] Landlock LSM: Unprivileged sandboxing

2016-08-27 Thread Andy Lutomirski
On Thu, Aug 25, 2016 at 3:32 AM, Mickaël Salaün wrote: > Hi, > > This series is a proof of concept to fill some missing part of seccomp as the > ability to check syscall argument pointers or creating more dynamic security > policies. The goal of this new stackable Linux Security Module (LSM)

Re: [RFC v2 00/10] Landlock LSM: Unprivileged sandboxing

2016-08-25 Thread Mickaël Salaün
On 25/08/2016 13:05, Andy Lutomirski wrote: > On Thu, Aug 25, 2016 at 3:32 AM, Mickaël Salaün wrote: >> Hi, >> >> This series is a proof of concept to fill some missing part of seccomp as the >> ability to check syscall argument pointers or creating more dynamic security >> policies. The goal of

Re: [RFC v2 00/10] Landlock LSM: Unprivileged sandboxing

2016-08-25 Thread Andy Lutomirski
On Thu, Aug 25, 2016 at 3:32 AM, Mickaël Salaün wrote: > Hi, > > This series is a proof of concept to fill some missing part of seccomp as the > ability to check syscall argument pointers or creating more dynamic security > policies. The goal of this new stackable Linux Security Module (LSM)

[RFC v2 00/10] Landlock LSM: Unprivileged sandboxing

2016-08-25 Thread Mickaël Salaün
Hi, This series is a proof of concept to fill some missing part of seccomp as the ability to check syscall argument pointers or creating more dynamic security policies. The goal of this new stackable Linux Security Module (LSM) called Landlock is to allow any process, including unprivileged ones,
