[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <57C5E3C8.1080103@digikod.net>
Date: Tue, 30 Aug 2016 21:51:36 +0200
From: Mickaël Salaün <mic@...ikod.net>
To: Andy Lutomirski <luto@...capital.net>
Cc: LKML <linux-kernel@...r.kernel.org>,
Alexei Starovoitov <ast@...nel.org>,
Arnd Bergmann <arnd@...db.de>,
Casey Schaufler <casey@...aufler-ca.com>,
Daniel Borkmann <daniel@...earbox.net>,
Daniel Mack <daniel@...que.org>,
David Drysdale <drysdale@...gle.com>,
"David S . Miller" <davem@...emloft.net>,
Elena Reshetova <elena.reshetova@...el.com>,
James Morris <james.l.morris@...cle.com>,
Kees Cook <keescook@...omium.org>,
Paul Moore <pmoore@...hat.com>,
Sargun Dhillon <sargun@...gun.me>,
"Serge E . Hallyn" <serge@...lyn.com>,
Will Drewry <wad@...omium.org>,
Kernel Hardening <kernel-hardening@...ts.openwall.com>,
Linux API <linux-api@...r.kernel.org>,
LSM List <linux-security-module@...r.kernel.org>,
Network Development <netdev@...r.kernel.org>,
Tejun Heo <tj@...nel.org>
Subject: Re: [RFC v2 00/10] Landlock LSM: Unprivileged sandboxing
On 30/08/2016 18:06, Andy Lutomirski wrote:
> On Thu, Aug 25, 2016 at 3:32 AM, Mickaël Salaün <mic@...ikod.net> wrote:
>> Hi,
>>
>> This series is a proof of concept to fill some missing part of seccomp as the
>> ability to check syscall argument pointers or creating more dynamic security
>> policies. The goal of this new stackable Linux Security Module (LSM) called
>> Landlock is to allow any process, including unprivileged ones, to create
>> powerful security sandboxes comparable to the Seatbelt/XNU Sandbox or the
>> OpenBSD Pledge. This kind of sandbox help to mitigate the security impact of
>> bugs or unexpected/malicious behaviors in userland applications.
>
> Mickaël, will you be at KS and/or LPC?
>
I won't be at KS/LPC but I will give a talk at Kernel Recipes (Paris)
for which registration will start Thursday (and will not last long). :)
Mickaël
Download attachment "signature.asc" of type "application/pgp-signature" (456 bytes)
Powered by blists - more mailing lists