[RFC PATCH v1 0/3] Use socket's Landlock domain
Mickaël Salaün
mic at digikod.net
Fri Jul 19 15:06:15 UTC 2024
Hi,
While the current approach works, I think we should change the way
Landlock restricts network actions. Because this feature is relatively
new, we can still fix this inconsistency. In a nutshell, let's follow a
more capability-based model. Please let me know what you think.
Regards,
Mickaël Salaün (3):
landlock: Use socket's domain instead of current's domain
selftests/landlock: Add test for socket's domain
landlock: Document network restrictions tied to sockets
Documentation/userspace-api/landlock.rst | 4 ++-
security/landlock/net.c | 22 ++++++++--------
tools/testing/selftests/landlock/net_test.c | 29 +++++++++++++++++++++
3 files changed, 43 insertions(+), 12 deletions(-)
base-commit: f4b89d8ce5a835afa51404977ee7e3889c2b9722
--
2.45.2
More information about the Linux-security-module-archive
mailing list