On Tue 2016-09-20 19:08:23, Mickaël Salaün wrote:
>
> On 15/09/2016 11:19, Pavel Machek wrote:
> > Hi!
> >
> >> This series is a proof of concept to fill some missing part of seccomp as the
> >> ability to check syscall argument pointers or creating more dynamic security
> >> policies. The goal of this new stackable Linux Security Module (LSM) called
> >> Landlock is to allow any process, including unprivileged ones, to create
> >> powerful security sandboxes comparable to the Seatbelt/XNU Sandbox or the
> >> OpenBSD Pledge. This kind of sandbox helps to mitigate the security impact of
> >> bugs or unexpected/malicious behaviors in userland applications.
> >>
> >> The first RFC [1] was focused on extending seccomp while staying at the syscall
> >> level. This brought a working PoC but with some (mitigated) ToCToU race
> >> conditions due to the seccomp ptrace hole (now fixed) and the non-atomic
> >> syscall argument evaluation (hence the LSM hooks).
> >
> > Long and nice description follows. Should it go to Documentation/
> > somewhere?
> >
> > Because some documentation would be useful...
>
> Right, but I was looking for feedback before investing in documentation. :)

Heh. And I was hoping to learn what I'm reviewing. Too bad :-).

								Pavel

-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html