Lines Matching full:access
12 Landlock's goal is to create scoped access-control (i.e. sandboxing). To
20 system security policy enforced by other access control mechanisms (e.g. DAC,
21 LSM). A Landlock rule shall not interfere with other access-controls enforced
31 Guiding principles for safe access controls
34 * A Landlock rule shall be focused on access control on kernel objects instead
40 * Kernel access check shall not slow down access request from unsandboxed
47 Cf. `File descriptor access rights`_.
52 Inode access rights
55 All access rights are tied to an inode and what can be accessed through it.
64 File descriptor access rights
67 Access rights are checked and tied to file descriptors at open time. The
74 hierarchy doesn't grant that access right. The following sequences of
80 Similarly to file access modes (e.g. ``O_RDWR``), Landlock access rights
82 processes (e.g. through a Unix domain socket). Such access rights will then be
84 this is required to keep access controls consistent over the whole system, and
116 grant access to an object, at least one rule of each layer must allow the