samples/landlock: Add support for signal scoping - linux

diff options

author	Tahera Fahimi <fahimitahera@gmail.com>	2024-09-06 23:30:07 +0200
committer	Mickaël Salaün <mic@digikod.net>	2024-09-16 23:50:54 +0200
commit	f490e205bcbada6eb6dca8b75a2511685e6bd0f0 (patch)
tree	cfd4fb6c27ed45675d60de9e2b84e663b4fd53a6 /arch/arm/tools
parent	selftests/landlock: Test signal created by out-of-bound message (diff)
download	linux-f490e205bcbada6eb6dca8b75a2511685e6bd0f0.tar.xz linux-f490e205bcbada6eb6dca8b75a2511685e6bd0f0.zip

samples/landlock: Add support for signal scoping

The sandboxer can receive the character "s" as input from the environment variable LL_SCOPE to restrict sandboxed processes from sending signals to processes outside of the sandbox. Example ======= Create a sandboxed shell and pass the character "s" to LL_SCOPED: LL_FS_RO=/ LL_FS_RW=. LL_SCOPED="s" ./sandboxer /bin/bash Try to send a SIGTRAP to a process with process ID <PID> through: kill -SIGTRAP <PID> The sandboxed process should not be able to send the signal. Signed-off-by: Tahera Fahimi <fahimitahera@gmail.com> Link: https://lore.kernel.org/r/1f3f1992b2abeb8e5d7aa61b854e1b0721978b9a.1725657728.git.fahimitahera@gmail.com [mic: Improve commit message, simplify code, rebase on previous sample change] Signed-off-by: Mickaël Salaün <mic@digikod.net>

Diffstat (limited to 'arch/arm/tools')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: