MIRRORS/linux-yocto
1
0
Fork 0
mirror of git://git.yoctoproject.org/linux-yocto.git synced 2025-10-22 15:03:53 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
3e0969c9a8
linux-yocto/samples/landlock
History
Mickaël Salaün ec2798d85b
samples/landlock: Enable users to log sandbox denials 
By default, denials from within the sandbox are not logged.  Indeed, the
sandboxer's security policy might not be fitted to the set of sandboxed
processes that could be spawned (e.g. from a shell).

For test purpose, parse the LL_FORCE_LOG environment variable to log
every sandbox denials, including after launching the initial sandboxed
program thanks to LANDLOCK_RESTRICT_SELF_LOG_NEW_EXEC_ON.

Cc: Günther Noack <gnoack@google.com>
Link: https://lore.kernel.org/r/20250320190717.2287696-20-mic@digikod.net
[mic: Remove inappropriate hunk]
Signed-off-by: Mickaël Salaün <mic@digikod.net>
2025-03-26 13:59:44 +01:00
..
.gitignore
Makefile
sandboxer.c samples/landlock: Enable users to log sandbox denials 2025-03-26 13:59:44 +01:00