samples/landlock: Enable users to log sandbox denials - kernel/linux.git

diff options

author	Mickaël Salaün <mic@digikod.net>	2025-03-20 22:07:08 +0300
committer	Mickaël Salaün <mic@digikod.net>	2025-03-26 15:59:44 +0300
commit	ec2798d85b1c29f4549849f1332555a0fd09686f (patch)
tree	cd978c8d65f01fe691f9f59519ec3b959c9b8edb /lib/debugobjects.c
parent	ead9079f75696a028aea8860787770c80eddb8f9 (diff)
download	linux-ec2798d85b1c29f4549849f1332555a0fd09686f.tar.xz

samples/landlock: Enable users to log sandbox denials

By default, denials from within the sandbox are not logged. Indeed, the sandboxer's security policy might not be fitted to the set of sandboxed processes that could be spawned (e.g. from a shell). For test purpose, parse the LL_FORCE_LOG environment variable to log every sandbox denials, including after launching the initial sandboxed program thanks to LANDLOCK_RESTRICT_SELF_LOG_NEW_EXEC_ON. Cc: Günther Noack <gnoack@google.com> Link: https://lore.kernel.org/r/20250320190717.2287696-20-mic@digikod.net [mic: Remove inappropriate hunk] Signed-off-by: Mickaël Salaün <mic@digikod.net>

Diffstat (limited to 'lib/debugobjects.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: