On Thu, Aug 25, 2016 at 3:32 AM, Mickaël Salaün <m...@digikod.net> wrote: > Hi, > > This series is a proof of concept to fill some missing part of seccomp as the > ability to check syscall argument pointers or creating more dynamic security > policies. The goal of this new stackable Linux Security Module (LSM) called > Landlock is to allow any process, including unprivileged ones, to create > powerful security sandboxes comparable to the Seatbelt/XNU Sandbox or the > OpenBSD Pledge. This kind of sandbox help to mitigate the security impact of > bugs or unexpected/malicious behaviors in userland applications. >
Maybe I'm missing an obvious description, but: do you have a description of the eBPF API to landlock? What function do you provide, when is it called, what functions can it call, what does the fancy new arraymap do, etc? --Andy
