forked from torvalds/linux
lsm: adds process attribute getter for Landlock
Adds a new getprocattr hook function to the Landlock LSM, which tracks the landlocked state of the process. This is invoked when user-space reads /proc/[pid]/attr/domain to determine whether a given process is sand-boxed using Landlock. When the target process is not sand-boxed, the result is "none", otherwise the result is empty, as we still need to decide what kind of domain information is best to provide in "domain".

The hook function also performs an access check. The request is rejected if the tracing process is the same as the target process, or if the tracing process domain is not an ancestor to the target process domain.

Adds a new directory for landlock under the process attribute filesystem, and defines "domain" as a read-only process attribute entry for landlock.

Signed-off-by: Shervin Oloumi <enlightened@chromium.org>
1 parent 457391b
commit be54dbd
Showing 5 changed files with 55 additions and 2 deletions.