1 .. SPDX-License-Identifier: GPL-2.0
2 .. Copyright © 2017-2020 Mickaël Salaün <mic@digikod.net>
3 .. Copyright © 2019-2020 ANSSI
12 Landlock's goal is to create scoped access-control (i.e. sandboxing). To
21 LSM). A Landlock rule shall not interfere with other access-controls enforced
29 Documentation/userspace-api/landlock.rst.
36 seccomp-bpf.
37 * To avoid multiple kinds of side-channel attacks (e.g. leak of security
38 policies, CPU-based attacks), Landlock rules shall not be able to
45 sandboxed process shall retain their scoped accesses (at the time of resource
46 acquisition) whatever process uses them.
53 -------------------
65 -----------------------------
67 Access rights are checked and tied to file descriptors at open time. The
98 ------
100 .. kernel-doc:: security/landlock/object.h
104 ----------
106 .. kernel-doc:: security/landlock/fs.h
110 ------------------
112 A domain is a read-only ruleset tied to a set of subjects (i.e. tasks'
113 credentials). Each time a ruleset is enforced on a task, the current domain is
124 .. kernel-doc:: security/landlock/ruleset.h