On Fri, Mar 31, 2017 at 2:15 PM, Mickaël Salaün wrote:
>
>
> On 29/03/2017 12:35, Djalal Harouni wrote:
>> On Wed, Mar 29, 2017 at 1:46 AM, Mickaël Salaün wrote:
>
>>> @@ -25,6 +30,9 @@ struct seccomp_filter;
>>> struct seccomp {
>>> int mode;
>>> struct seccomp_filter *filter;
>
On 29/03/2017 12:35, Djalal Harouni wrote:
> On Wed, Mar 29, 2017 at 1:46 AM, Mickaël Salaün wrote:
>> @@ -25,6 +30,9 @@ struct seccomp_filter;
>> struct seccomp {
>> int mode;
>> struct seccomp_filter *filter;
>> +#if defined(CONFIG_SECCOMP_FILTER) && defined(CONFIG_SECURITY_L
On Wed, Mar 29, 2017 at 1:46 AM, Mickaël Salaün wrote:
> The seccomp(2) syscall can be used by a task to apply a Landlock rule to
> itself. As a seccomp filter, a Landlock rule is enforced for the current
> task and all its future children. A rule is immutable and a task can
> only add new restric