From mboxrd@z Thu Jan 1 00:00:00 1970 Reply-To: kernel-hardening@lists.openwall.com MIME-Version: 1.0 In-Reply-To: <1472121165-29071-1-git-send-email-mic@digikod.net> References: <1472121165-29071-1-git-send-email-mic@digikod.net> From: Andy Lutomirski Date: Tue, 30 Aug 2016 09:06:30 -0700 Message-ID: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Subject: [kernel-hardening] Re: [RFC v2 00/10] Landlock LSM: Unprivileged sandboxing To: =?UTF-8?B?TWlja2HDq2wgU2FsYcO8bg==?= Cc: "linux-kernel@vger.kernel.org" , Alexei Starovoitov , Arnd Bergmann , Casey Schaufler , Daniel Borkmann , Daniel Mack , David Drysdale , "David S . Miller" , Elena Reshetova , James Morris , Kees Cook , Paul Moore , Sargun Dhillon , "Serge E . Hallyn" , Will Drewry , "kernel-hardening@lists.openwall.com" , Linux API , LSM List , Network Development List-ID: On Thu, Aug 25, 2016 at 3:32 AM, Micka=C3=ABl Sala=C3=BCn = wrote: > Hi, > > This series is a proof of concept to fill some missing part of seccomp as= the > ability to check syscall argument pointers or creating more dynamic secur= ity > policies. The goal of this new stackable Linux Security Module (LSM) call= ed > Landlock is to allow any process, including unprivileged ones, to create > powerful security sandboxes comparable to the Seatbelt/XNU Sandbox or the > OpenBSD Pledge. This kind of sandbox help to mitigate the security impact= of > bugs or unexpected/malicious behaviors in userland applications. Micka=C3=ABl, will you be at KS and/or LPC?