Lines Matching +full:acquisition +full:- +full:time

1 .. SPDX-License-Identifier: GPL-2.0
2 .. Copyright © 2017-2020 Mickaël Salaün <mic@digikod.net>
3 .. Copyright © 2019-2020 ANSSI
12 Landlock's goal is to create scoped access-control (i.e. sandboxing).  To
21 LSM).  A Landlock rule shall not interfere with other access-controls enforced
29 Documentation/userspace-api/landlock.rst.
36   seccomp-bpf.
37 * To avoid multiple kinds of side-channel attacks (e.g. leak of security
38   policies, CPU-based attacks), Landlock rules shall not be able to
45   sandboxed process shall retain their scoped accesses (at the time of resource
46   acquisition) whatever process uses them.
57 -------------------
69 -----------------------------
71 Access rights are checked and tied to file descriptors at open time.  The
102 ------
104 .. kernel-doc:: security/landlock/object.h
108 ----------
110 .. kernel-doc:: security/landlock/fs.h
114 ------------------
116 A domain is a read-only ruleset tied to a set of subjects (i.e. tasks'
117 credentials).  Each time a ruleset is enforced on a task, the current domain is
128 .. kernel-doc:: security/landlock/ruleset.h
134 * Documentation/userspace-api/landlock.rst
135 * Documentation/admin-guide/LSM/landlock.rst