subject:"Re\: \[RFC v2 00\/10\] Landlock LSM\: Unprivileged sandboxing"

Re: [RFC v2 00/10] Landlock LSM: Unprivileged sandboxing

2016-10-05 Thread Mickaël Salaün

On 04/10/2016 00:56, Kees Cook wrote: > On Tue, Sep 20, 2016 at 10:08 AM, Mickaël Salaün wrote: >> >> On 15/09/2016 11:19, Pavel Machek wrote: >>> Hi! >>> This series is a proof of concept to fill some missing part of seccomp as the ability to check syscall

Re: [RFC v2 00/10] Landlock LSM: Unprivileged sandboxing

2016-10-03 Thread Kees Cook

On Tue, Sep 20, 2016 at 10:08 AM, Mickaël Salaün wrote: > > On 15/09/2016 11:19, Pavel Machek wrote: >> Hi! >> >>> This series is a proof of concept to fill some missing part of seccomp as >>> the >>> ability to check syscall argument pointers or creating more dynamic security

Re: [RFC v2 00/10] Landlock LSM: Unprivileged sandboxing

2016-09-24 Thread Pavel Machek

On Tue 2016-09-20 19:08:23, Mickaël Salaün wrote: > > On 15/09/2016 11:19, Pavel Machek wrote: > > Hi! > > > >> This series is a proof of concept to fill some missing part of seccomp as > >> the > >> ability to check syscall argument pointers or creating more dynamic > >> security > >>

Re: [RFC v2 00/10] Landlock LSM: Unprivileged sandboxing

2016-09-20 Thread Mickaël Salaün

On 15/09/2016 11:19, Pavel Machek wrote: > Hi! > >> This series is a proof of concept to fill some missing part of seccomp as the >> ability to check syscall argument pointers or creating more dynamic security >> policies. The goal of this new stackable Linux Security Module (LSM) called >>

Re: [RFC v2 00/10] Landlock LSM: Unprivileged sandboxing

2016-09-15 Thread Pavel Machek

Hi! > This series is a proof of concept to fill some missing part of seccomp as the > ability to check syscall argument pointers or creating more dynamic security > policies. The goal of this new stackable Linux Security Module (LSM) called > Landlock is to allow any process, including

Re: [RFC v2 00/10] Landlock LSM: Unprivileged sandboxing

2016-08-30 Thread Andy Lutomirski

On Tue, Aug 30, 2016 at 12:51 PM, Mickaël Salaün wrote: > > On 30/08/2016 18:06, Andy Lutomirski wrote: >> On Thu, Aug 25, 2016 at 3:32 AM, Mickaël Salaün wrote: >>> Hi, >>> >>> This series is a proof of concept to fill some missing part of seccomp as >>> the

Re: [RFC v2 00/10] Landlock LSM: Unprivileged sandboxing

2016-08-30 Thread Mickaël Salaün

On 30/08/2016 18:06, Andy Lutomirski wrote: > On Thu, Aug 25, 2016 at 3:32 AM, Mickaël Salaün wrote: >> Hi, >> >> This series is a proof of concept to fill some missing part of seccomp as the >> ability to check syscall argument pointers or creating more dynamic security >>

Re: [RFC v2 00/10] Landlock LSM: Unprivileged sandboxing

2016-08-30 Thread Andy Lutomirski

On Thu, Aug 25, 2016 at 3:32 AM, Mickaël Salaün wrote: > Hi, > > This series is a proof of concept to fill some missing part of seccomp as the > ability to check syscall argument pointers or creating more dynamic security > policies. The goal of this new stackable Linux Security

Re: [RFC v2 00/10] Landlock LSM: Unprivileged sandboxing (cgroup delegation)

2016-08-27 Thread Mickaël Salaün

Cc Tejun and the cgroups ML. On 27/08/2016 17:10, Mickaël Salaün wrote: > On 27/08/2016 09:40, Andy Lutomirski wrote: >> On Thu, Aug 25, 2016 at 3:32 AM, Mickaël Salaün wrote: >>> >>> # Sandbox example with conditional access control depending on cgroup >>> >>> $ mkdir

Re: [RFC v2 00/10] Landlock LSM: Unprivileged sandboxing

2016-08-27 Thread Mickaël Salaün

On 27/08/2016 09:40, Andy Lutomirski wrote: > On Thu, Aug 25, 2016 at 3:32 AM, Mickaël Salaün wrote: >> Hi, >> >> This series is a proof of concept to fill some missing part of seccomp as the >> ability to check syscall argument pointers or creating more dynamic security >>

Re: [RFC v2 00/10] Landlock LSM: Unprivileged sandboxing

2016-08-27 Thread Andy Lutomirski

On Thu, Aug 25, 2016 at 3:32 AM, Mickaël Salaün wrote: > Hi, > > This series is a proof of concept to fill some missing part of seccomp as the > ability to check syscall argument pointers or creating more dynamic security > policies. The goal of this new stackable Linux Security

Re: [RFC v2 00/10] Landlock LSM: Unprivileged sandboxing

2016-08-25 Thread Mickaël Salaün

On 25/08/2016 13:05, Andy Lutomirski wrote: > On Thu, Aug 25, 2016 at 3:32 AM, Mickaël Salaün wrote: >> Hi, >> >> This series is a proof of concept to fill some missing part of seccomp as the >> ability to check syscall argument pointers or creating more dynamic security >>

Re: [RFC v2 00/10] Landlock LSM: Unprivileged sandboxing

2016-08-25 Thread Andy Lutomirski

On Thu, Aug 25, 2016 at 3:32 AM, Mickaël Salaün wrote: > Hi, > > This series is a proof of concept to fill some missing part of seccomp as the > ability to check syscall argument pointers or creating more dynamic security > policies. The goal of this new stackable Linux Security

Re: [RFC v2 00/10] Landlock LSM: Unprivileged sandboxing

Re: [RFC v2 00/10] Landlock LSM: Unprivileged sandboxing

Re: [RFC v2 00/10] Landlock LSM: Unprivileged sandboxing

Re: [RFC v2 00/10] Landlock LSM: Unprivileged sandboxing

Re: [RFC v2 00/10] Landlock LSM: Unprivileged sandboxing

Re: [RFC v2 00/10] Landlock LSM: Unprivileged sandboxing

Re: [RFC v2 00/10] Landlock LSM: Unprivileged sandboxing

Re: [RFC v2 00/10] Landlock LSM: Unprivileged sandboxing

Re: [RFC v2 00/10] Landlock LSM: Unprivileged sandboxing (cgroup delegation)

Re: [RFC v2 00/10] Landlock LSM: Unprivileged sandboxing

Re: [RFC v2 00/10] Landlock LSM: Unprivileged sandboxing

Re: [RFC v2 00/10] Landlock LSM: Unprivileged sandboxing

Re: [RFC v2 00/10] Landlock LSM: Unprivileged sandboxing

13 matches

Site Navigation

Mail list logo

Footer information