On Tue, Oct 27, 2020 at 9:04 PM Mickaël Salaün <mic@xxxxxxxxxxx> wrote:
> Process's credentials point to a Landlock domain, which is underneath
> implemented with a ruleset. In the following commits, this domain is
> used to check and enforce the ptrace and filesystem security policies.
> A domain is inherited from a parent to its child the same way a thread
> inherits a seccomp policy.
>
> Cc: James Morris <jmorris@xxxxxxxxx>
> Cc: Jann Horn <jannh@xxxxxxxxxx>
> Cc: Kees Cook <keescook@xxxxxxxxxxxx>
> Cc: Serge E. Hallyn <serge@xxxxxxxxxx>
> Signed-off-by: Mickaël Salaün <mic@xxxxxxxxxxxxxxxxxxx>

Reviewed-by: Jann Horn <jannh@xxxxxxxxxx>