Cc Tejun and the cgroups ML.

On 27/08/2016 17:10, Mickaël Salaün wrote:
> On 27/08/2016 09:40, Andy Lutomirski wrote:
>> On Thu, Aug 25, 2016 at 3:32 AM, Mickaël Salaün wrote:
>>>
>>> # Sandbox example with conditional access control depending on cgroup
>>>
>>> $ mkdir /sys/fs/cgroup/sandboxed
>>> $ ls /home
>>> user1
>>> $ LANDLOCK_CGROUPS='/sys/fs/cgroup/sandboxed' \
>>> LANDLOCK_ALLOWED='/bin:/lib:/usr:/tmp:/proc/self/fd/0' \
>>> ./sandbox /bin/sh -i
>>> $ ls /home
>>> user1
>>> $ echo $$ > /sys/fs/cgroup/sandboxed/cgroup.procs
>>> $ ls /home
>>> ls: cannot open directory '/home': Permission denied
>>>
>>
>> Something occurs to me that isn't strictly relevant to landlock but
>> may be relevant to unprivileged cgroups: can you cause trouble by
>> setting up a nastily-configured cgroup and running a setuid program in
>> it?
>>
>
> I hope not… But the use of cgroups should not be mandatory for Landlock.
>

In a previous email:

On 26/08/2016 17:50, Tejun Heo wrote:
> I haven't looked in detail but in general I'm not too excited about
> layering security mechanism on top of cgroup. Maybe it makes some
> sense when security domain coincides with resource domains but at any
> rate please keep me in the loop.
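The quoted sandbox session shows a rule that is dormant until the shell writes its own pid into the cgroup, and that afterwards confines file access to the LANDLOCK_ALLOWED prefixes. The following userspace model, added here as an illustration and not code from the Landlock patch series or the ./sandbox helper, reproduces that decision from a process's /proc/<pid>/cgroup contents and the two environment variables of the session. It assumes a cgroup v2 unified hierarchy mounted at /sys/fs/cgroup (the `0::/...` line format), treats membership as hierarchical (a child of the watched cgroup is also confined), and matches paths by component prefix so that `/tmpfoo` is not covered by the `/tmp` entry; the real kernel check works on file objects rather than path strings, so string matching is a simplification of the model. The /proc/<pid>/cgroup samples are constructed.

```python
"""Model of the cgroup-conditional access rule from the quoted session.

Added illustration, not Landlock or ./sandbox code. It decides whether a
path access would be permitted given the process's cgroup membership and
the LANDLOCK_CGROUPS / LANDLOCK_ALLOWED settings from the session.
"""
import posixpath

# Assumption: cgroup v2 unified hierarchy mounted here.
CGROUP_MOUNT = "/sys/fs/cgroup"

# Settings exactly as passed to ./sandbox in the quoted session.
SESSION_ENV = {
    "LANDLOCK_CGROUPS": "/sys/fs/cgroup/sandboxed",
    "LANDLOCK_ALLOWED": "/bin:/lib:/usr:/tmp:/proc/self/fd/0",
}

# Constructed /proc/<pid>/cgroup contents: before and after
# "echo $$ > /sys/fs/cgroup/sandboxed/cgroup.procs".
PROC_CGROUP_BEFORE = "0::/\n"
PROC_CGROUP_AFTER = "0::/sandboxed\n"


def parse_cgroup_v2(proc_cgroup_text):
    """Return the unified-hierarchy cgroup path (the '0::/path' line),
    or None when the process is not on a v2 hierarchy."""
    for line in proc_cgroup_text.splitlines():
        parts = line.split(":", 2)
        if len(parts) == 3 and parts[0] == "0" and parts[1] == "":
            return parts[2]
    return None


def in_sandbox_cgroup(proc_cgroup_text, watched_cgroups):
    """True when the process sits in one of the watched cgroup directories
    or in a descendant of one; cgroup membership is hierarchical."""
    cg = parse_cgroup_v2(proc_cgroup_text)
    if cg is None:
        return False
    full = posixpath.normpath(CGROUP_MOUNT + cg)
    for watched in watched_cgroups.split(":"):
        if not watched:
            continue
        w = posixpath.normpath(watched)
        if full == w or full.startswith(w + "/"):
            return True
    return False


def path_allowed(path, allowed_list):
    """True when path equals an allowed entry or lies beneath it.
    Matching is on whole path components: '/tmpfoo' does not match '/tmp'."""
    p = posixpath.normpath(path)
    for prefix in allowed_list.split(":"):
        if not prefix:
            continue
        a = posixpath.normpath(prefix)
        if p == a or p.startswith(a.rstrip("/") + "/"):
            return True
    return False


def access_decision(path, proc_cgroup_text, env):
    """Reproduce the session: unrestricted until the process joins a
    watched cgroup, then limited to the allowed prefixes."""
    if not in_sandbox_cgroup(proc_cgroup_text, env.get("LANDLOCK_CGROUPS", "")):
        return True
    return path_allowed(path, env.get("LANDLOCK_ALLOWED", ""))


if __name__ == "__main__":
    for state, text in (("before", PROC_CGROUP_BEFORE), ("after", PROC_CGROUP_AFTER)):
        for target in ("/home", "/bin/sh", "/tmp/x", "/tmpfoo", "/proc/self/fd/0"):
            verdict = "allowed" if access_decision(target, text, SESSION_ENV) else "denied"
            print(f"{state} joining cgroup: ls {target} -> {verdict}")
```

Running the model prints `/home` as allowed before the cgroup move and denied after it, matching the two `ls /home` results in the session, while `/bin/sh` and `/proc/self/fd/0` stay reachable. The hierarchical membership check is the part worth noticing: a rule keyed on a cgroup directory also binds every process later placed in a sub-cgroup, which is one reason Tejun's point about security domains coinciding with resource domains matters.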