Re: [PATCH net-next v7 08/10] bpf: Add a Landlock sandbox example

2017-09-02 Thread Mickaël Salaün
On 01/09/2017 12:25, Alban Crequy wrote: > Hi Mickaël, > > On 21 August 2017 at 02:09, Mickaël Salaün wrote: >> Add a basic sandbox tool to create a process isolated from some part of >> the system. This sandbox creates a read-only environment. It is only >> allowed to write to a character device

Re: [PATCH net-next v7 08/10] bpf: Add a Landlock sandbox example

2017-09-01 Thread Alban Crequy
Hi Mickaël, On 21 August 2017 at 02:09, Mickaël Salaün wrote: > Add a basic sandbox tool to create a process isolated from some part of > the system. This sandbox creates a read-only environment. It is only > allowed to write to a character device such as a TTY: ... > + /* > +* This

Re: [PATCH net-next v7 08/10] bpf: Add a Landlock sandbox example

2017-08-25 Thread Mickaël Salaün
On 24/08/2017 04:59, Alexei Starovoitov wrote: > On Mon, Aug 21, 2017 at 02:09:31AM +0200, Mickaël Salaün wrote: >> Add a basic sandbox tool to create a process isolated from some part of >> the system. This sandbox creates a read-only environment. It is only >> allowed to write to a character dev

Re: [PATCH net-next v7 08/10] bpf: Add a Landlock sandbox example

2017-08-23 Thread Alexei Starovoitov
On Mon, Aug 21, 2017 at 02:09:31AM +0200, Mickaël Salaün wrote: > Add a basic sandbox tool to create a process isolated from some part of > the system. This sandbox creates a read-only environment. It is only > allowed to write to a character device such as a TTY: > > # :> X > # echo $? > 0 >

[PATCH net-next v7 08/10] bpf: Add a Landlock sandbox example

2017-08-20 Thread Mickaël Salaün
Add a basic sandbox tool to create a process isolated from some part of the system. This sandbox creates a read-only environment. It is only allowed to write to a character device such as a TTY: # :> X # echo $? 0 # ./samples/bpf/landlock1 /bin/sh -i Launching a new sandboxed process. #