mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2025-01-01 10:45:49 +00:00
75c542d6c6
The maximum number of nested Landlock domains is currently 64. Because of the following fix and to help reduce the stack size, let's reduce it to 16. This seems large enough for a lot of use cases (e.g. sandboxed init service, spawning a sandboxed SSH service, in nested sandboxed containers). Reducing the number of nested domains may also help to discover misuse of Landlock (e.g. creating a domain per rule). Add and use a dedicated layer_mask_t typedef to fit with the number of layers. This might be useful when changing it and to keep it consistent with the maximum number of layers. Reviewed-by: Paul Moore <paul@paul-moore.com> Link: https://lore.kernel.org/r/20220506161102.525323-3-mic@digikod.net Cc: stable@vger.kernel.org Signed-off-by: Mickaël Salaün <mic@digikod.net> |
||
|---|---|---|
| .. | ||
| accelerators | ||
| ebpf | ||
| ioctl | ||
| media | ||
| futex2.rst | ||
| index.rst | ||
| iommu.rst | ||
| landlock.rst | ||
| no_new_privs.rst | ||
| seccomp_filter.rst | ||
| spec_ctrl.rst | ||
| sysfs-platform_profile.rst | ||
| unshare.rst | ||
| vduse.rst | ||