On 14/11/2016 11:35, Sargun Dhillon wrote:
> Was there a plan around getting Daniel's patches in as well? Also,
> rather than making these handles landlock-specific, can they be
> implemented in such a way where we can keep track of (some) of these
> in other types of programs?
>
About the map o
On Sun, Nov 13, 2016 at 6:23 AM, Mickaël Salaün wrote:
> Hi,
>
> After the BoF at LPC last week, we came to a multi-step roadmap to
> upstream Landlock.
>
> A first patch series containing the basic properties needed for a
> "minimum viable product", which means being able to test it, without
> fu
On Sun, Nov 13, 2016 at 6:23 AM, Mickaël Salaün wrote:
> Hi,
>
> After the BoF at LPC last week, we came to a multi-step roadmap to
> upstream Landlock.
>
> A first patch series containing the basic properties needed for a
> "minimum viable product", which means being able to test it, without
> fu
Hi,
After the BoF at LPC last week, we came to a multi-step roadmap to
upstream Landlock.
A first patch series containing the basic properties needed for a
"minimum viable product", which means being able to test it, without
full features. The idea is to set in place the main components which
inc
On 26/10/2016 18:56, Mickaël Salaün wrote:
>
> On 26/10/2016 16:52, Jann Horn wrote:
>> On Wed, Oct 26, 2016 at 08:56:36AM +0200, Mickaël Salaün wrote:
>>> The loaded Landlock eBPF programs can be triggered by a seccomp filter
>>> returning RET_LANDLOCK. In addition, a cookie (16-bit value) can be
On 26/10/2016 16:52, Jann Horn wrote:
> On Wed, Oct 26, 2016 at 08:56:36AM +0200, Mickaël Salaün wrote:
>> The loaded Landlock eBPF programs can be triggered by a seccomp filter
>> returning RET_LANDLOCK. In addition, a cookie (16-bit value) can be passed
>> from a seccomp filter to eBPF progr
On Wed, Oct 26, 2016 at 08:56:36AM +0200, Mickaël Salaün wrote:
> The loaded Landlock eBPF programs can be triggered by a seccomp filter
> returning RET_LANDLOCK. In addition, a cookie (16-bit value) can be passed
> from a seccomp filter to eBPF programs. This allows flexible security policies
>
Hi,
This fourth RFC brings some improvements over the previous one [1]. An important
new point is the abstraction from the raw types of LSM hook arguments. It is
now possible to call a Landlock function the same way for LSM hooks with
different internal argument types. Some parts of the code are r