Re: [RFC v2 00/10] Landlock LSM: Unprivileged sandboxing

From: Andy Lutomirski
Date: Tue Aug 30 2016 - 12:06:57 EST


On Thu, Aug 25, 2016 at 3:32 AM, Mickaël Salaün <mic@xxxxxxxxxxx> wrote:
> Hi,
>
> This series is a proof of concept to fill some missing part of seccomp as the
> ability to check syscall argument pointers or creating more dynamic security
> policies. The goal of this new stackable Linux Security Module (LSM) called
> Landlock is to allow any process, including unprivileged ones, to create
> powerful security sandboxes comparable to the Seatbelt/XNU Sandbox or the
> OpenBSD Pledge. This kind of sandbox helps to mitigate the security impact of
> bugs or unexpected/malicious behaviors in userland applications.

Mickaël, will you be at KS and/or LPC?