Re: [PATCH bpf-next v8 08/11] landlock: Add ptrace restrictions

On 03/06/2018 11:28 PM, Mickaël Salaün wrote: > > On 28/02/2018 01:09, Andy Lutomirski wrote: >> On Wed, Feb 28, 2018 at 12:00 AM, Mickaël Salaün wrote: >>> >>> On 28/02/2018 00:23, Andy Lutomirski wrote: On Tue, Feb 27, 2018 at 11:02 PM, Andy Lutomirski wrote: > On Tue, Feb 27, 2018 a

Re: [PATCH bpf-next v8 08/11] landlock: Add ptrace restrictions

On 28/02/2018 01:09, Andy Lutomirski wrote: > On Wed, Feb 28, 2018 at 12:00 AM, Mickaël Salaün wrote: >> >> On 28/02/2018 00:23, Andy Lutomirski wrote: >>> On Tue, Feb 27, 2018 at 11:02 PM, Andy Lutomirski wrote: On Tue, Feb 27, 2018 at 10:14 PM, Mickaël Salaün wrote: > I thi

Re: [PATCH bpf-next v8 08/11] landlock: Add ptrace restrictions

On Wed, Feb 28, 2018 at 12:00 AM, Mickaël Salaün wrote: > > On 28/02/2018 00:23, Andy Lutomirski wrote: >> On Tue, Feb 27, 2018 at 11:02 PM, Andy Lutomirski wrote: >>> On Tue, Feb 27, 2018 at 10:14 PM, Mickaël Salaün wrote: >>> >>> I think you're wrong here. Any sane container trying to us

Re: [PATCH bpf-next v8 08/11] landlock: Add ptrace restrictions

On 28/02/2018 00:23, Andy Lutomirski wrote: > On Tue, Feb 27, 2018 at 11:02 PM, Andy Lutomirski wrote: >> On Tue, Feb 27, 2018 at 10:14 PM, Mickaël Salaün wrote: >>> >>> On 27/02/2018 06:01, Andy Lutomirski wrote: > On Feb 26, 2018, at 8:17 PM, Andy Lutomirski wrote: > >>

Re: [PATCH bpf-next v8 08/11] landlock: Add ptrace restrictions

On Tue, Feb 27, 2018 at 11:02 PM, Andy Lutomirski wrote: > On Tue, Feb 27, 2018 at 10:14 PM, Mickaël Salaün wrote: >> >> On 27/02/2018 06:01, Andy Lutomirski wrote: >>> >>> On Feb 26, 2018, at 8:17 PM, Andy Lutomirski wrote: > On Tue, Feb 27, 2018 at 12:41 AM, Mickaël Salaün wrote

Re: [PATCH bpf-next v8 08/11] landlock: Add ptrace restrictions

On Tue, Feb 27, 2018 at 10:14 PM, Mickaël Salaün wrote: > > On 27/02/2018 06:01, Andy Lutomirski wrote: >> >> >>> On Feb 26, 2018, at 8:17 PM, Andy Lutomirski wrote: >>> On Tue, Feb 27, 2018 at 12:41 AM, Mickaël Salaün wrote: A landlocked process has less privileges than a non-landlock

Re: [PATCH bpf-next v8 08/11] landlock: Add ptrace restrictions

On 27/02/2018 05:17, Andy Lutomirski wrote: > On Tue, Feb 27, 2018 at 12:41 AM, Mickaël Salaün wrote: >> A landlocked process has less privileges than a non-landlocked process >> and must then be subject to additional restrictions when manipulating >> processes. To be allowed to use ptrace(2) an

Re: [PATCH bpf-next v8 08/11] landlock: Add ptrace restrictions

On 27/02/2018 06:01, Andy Lutomirski wrote: > > >> On Feb 26, 2018, at 8:17 PM, Andy Lutomirski wrote: >> >>> On Tue, Feb 27, 2018 at 12:41 AM, Mickaël Salaün wrote: >>> A landlocked process has less privileges than a non-landlocked process >>> and must then be subject to additional restrictio

Re: [PATCH bpf-next v8 08/11] landlock: Add ptrace restrictions

> On Feb 26, 2018, at 8:17 PM, Andy Lutomirski wrote: > >> On Tue, Feb 27, 2018 at 12:41 AM, Mickaël Salaün wrote: >> A landlocked process has less privileges than a non-landlocked process >> and must then be subject to additional restrictions when manipulating >> processes. To be allowed to u

Re: [PATCH bpf-next v8 08/11] landlock: Add ptrace restrictions

On Tue, Feb 27, 2018 at 12:41 AM, Mickaël Salaün wrote: > A landlocked process has less privileges than a non-landlocked process > and must then be subject to additional restrictions when manipulating > processes. To be allowed to use ptrace(2) and related syscalls on a > target process, a landloc

[PATCH bpf-next v8 08/11] landlock: Add ptrace restrictions

A landlocked process has less privileges than a non-landlocked process and must then be subject to additional restrictions when manipulating processes. To be allowed to use ptrace(2) and related syscalls on a target process, a landlocked process must have a subset of the target process' rules. Sig