On Thu, Aug 25, 2016 at 3:32 AM, Mickaël Salaün <mic@xxxxxxxxxxx> wrote:
> Hi,
>
> This series is a proof of concept to fill some missing part of seccomp as the
> ability to check syscall argument pointers or creating more dynamic security
> policies. The goal of this new stackable Linux Security Module (LSM) called
> Landlock is to allow any process, including unprivileged ones, to create
> powerful security sandboxes comparable to the Seatbelt/XNU Sandbox or the
> OpenBSD Pledge. This kind of sandbox helps to mitigate the security impact of
> bugs or unexpected/malicious behaviors in userland applications.
>

Maybe I'm missing an obvious description, but: do you have a
description of the eBPF API to landlock? What function do you
provide, when is it called, what functions can it call, what does the
fancy new arraymap do, etc?

--Andy