Lines Matching full:access

12 Landlock's goal is to create scoped access-control (i.e. sandboxing).  To
20 system security policy enforced by other access control mechanisms (e.g. DAC,
21 LSM).  A Landlock rule shall not interfere with other access-controls enforced
31 Guiding principles for safe access controls
34 * A Landlock rule shall be focused on access control on kernel objects instead
40 * Kernel access check shall not slow down access request from unsandboxed
47   Cf. `File descriptor access rights`_.
48 * Access denials shall be logged according to system and Landlock domain
56 Inode access rights
59 All access rights are tied to an inode and what can be accessed through it.
68 File descriptor access rights
71 Access rights are checked and tied to file descriptors at open time.  The
78 hierarchy doesn't grant that access right.  The following sequences of
84 Similarly to file access modes (e.g. ``O_RDWR``), Landlock access rights
86 processes (e.g. through a Unix domain socket).  Such access rights will then be
88 this is required to keep access controls consistent over the whole system, and
120 grant access to an object, at least one rule of each layer must allow the