On 26/10/2016 16:52, Jann Horn wrote: > On Wed, Oct 26, 2016 at 08:56:36AM +0200, Mickaël Salaün wrote: >> The loaded Landlock eBPF programs can be triggered by a seccomp filter >> returning RET_LANDLOCK. In addition, a cookie (16-bit value) can be passed from >> a seccomp filter to eBPF programs. This allow flexible security policies >> between seccomp and Landlock. > > Is this still up to date, or was that removed in v3? > I forgot to remove this part. In this v4 series, as describe in the (small) patch 11/18, a Landlock rule cannot be triggered by a seccomp filter. So there is no more RET_LANDLOCK nor cookie.
Attachment:
signature.asc
Description: OpenPGP digital signature
