On 28/11/2022 03:49, Konstantin Meskhidze (A) wrote:
11/16/2022 5:25 PM, Mickaël Salaün пишет:
On 21/10/2022 17:26, Konstantin Meskhidze wrote:
This commit adds network demo. It's possible to allow a sandboxer to
bind/connect to a list of particular ports restricting network
actions to the rest of ports.
Signed-off-by: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
---
[...]
+ access_net_tcp &= ~LANDLOCK_ACCESS_NET_BIND_TCP;
+ }
+ /* Removes connect access attribute if not supported by a user. */
+ env_port_name = getenv(ENV_TCP_CONNECT_NAME);
+ if (!env_port_name) {
+ access_net_tcp &= ~LANDLOCK_ACCESS_NET_CONNECT_TCP;
+ }
+ ruleset_attr.handled_access_net &= access_net_tcp;
There is no need for access_net_tcp.
Do you mean to delete this var?
Yes
