linux-stable/samples
Tahera Fahimi f490e205bc
samples/landlock: Add support for signal scoping
The sandboxer can receive the character "s" as input from the
environment variable LL_SCOPE to restrict sandboxed processes from
sending signals to processes outside of the sandbox.

Example
=======

Create a sandboxed shell and pass the character "s" to LL_SCOPED:
  LL_FS_RO=/ LL_FS_RW=. LL_SCOPED="s" ./sandboxer /bin/bash

Try to send a SIGTRAP to a process with process ID <PID> through:
  kill -SIGTRAP <PID>

The sandboxed process should not be able to send the signal.

Signed-off-by: Tahera Fahimi <fahimitahera@gmail.com>
Link: https://lore.kernel.org/r/1f3f1992b2abeb8e5d7aa61b854e1b0721978b9a.1725657728.git.fahimitahera@gmail.com
[mic: Improve commit message, simplify code, rebase on previous sample
change]
Signed-off-by: Mickaël Salaün <mic@digikod.net>
2024-09-16 23:50:54 +02:00
..
acrn virt: acrn: Fix typos 2024-05-04 18:59:44 +02:00
auxdisplay .gitignore: prefix local generated files with a slash 2021-05-02 00:43:35 +09:00
binderfs .gitignore: prefix local generated files with a slash 2021-05-02 00:43:35 +09:00
bpf bpf-next-for-netdev 2024-05-28 07:27:29 -07:00
cgroup samples/cgroup: add .gitignore file for generated samples 2024-01-24 11:52:40 -08:00
configfs samples: configfs: add missing MODULE_DESCRIPTION() macro 2024-07-10 14:59:01 +02:00
connector .gitignore: prefix local generated files with a slash 2021-05-02 00:43:35 +09:00
coresight coresight: syscfg: Example CoreSight configuration loadable module 2021-11-26 11:34:07 -07:00
fanotify Add gitignore file for samples/fanotify/ subdirectory 2021-11-07 11:19:24 -08:00
fprobe fprobe: add missing MODULE_DESCRIPTION() macro 2024-06-12 08:44:27 +09:00
ftrace RISC-V Patches for the 6.8 Merge Window, Part 4 2024-01-20 11:06:04 -08:00
hid HID: samples: fix the 2 struct_ops definitions 2024-07-05 14:08:31 +02:00
hidraw .gitignore: prefix local generated files with a slash 2021-05-02 00:43:35 +09:00
hw_breakpoint samples/hw_breakpoint: mark sample_hbp as static 2023-07-26 11:17:19 -07:00
kdb kdb: Rename members of struct kdbtab_t 2021-07-27 17:05:06 +01:00
kfifo kfifo: add missing MODULE_DESCRIPTION() macros 2024-06-28 19:36:29 -07:00
kmemleak kmemleak-test: add missing MODULE_DESCRIPTION() macro 2024-07-03 19:30:04 -07:00
kobject samples/kobject: add missing MODULE_DESCRIPTION() macros 2024-06-04 18:04:28 +02:00
kprobes samples: kprobes: add missing MODULE_DESCRIPTION() macros 2024-06-12 08:44:27 +09:00
landlock samples/landlock: Add support for signal scoping 2024-09-16 23:50:54 +02:00
livepatch livepatch: Reorder to use before freeing a pointer 2022-03-23 13:51:11 +01:00
mei samples: mei: don't wait on read completion upon write. 2021-08-01 09:54:22 +02:00
nitro_enclaves nitro_enclaves: Add fixes for checkpatch blank line reports 2021-09-14 11:11:20 +02:00
pfsm samples: Add userspace example for TI TPS6594 PFSM 2023-06-15 13:41:53 +02:00
pidfd .gitignore: prefix local generated files with a slash 2021-05-02 00:43:35 +09:00
pktgen samples: pktgen: fix append mode failed issue 2023-07-03 09:15:26 +01:00
qmi samples: qmi: Convert to platform remove callback returning void 2024-05-27 10:14:15 +02:00
rpmsg samples/rpmsg: Introduce a module parameter for message count 2019-08-26 22:10:39 -07:00
rust rust: sync: update Arc and UniqueArc to take allocation flags 2024-04-16 22:50:04 +02:00
seccomp samples: user-trap: fix strict-aliasing warning 2024-02-12 10:42:02 -08:00
timers .gitignore: prefix local generated files with a slash 2021-05-02 00:43:35 +09:00
trace_events treewide: remove unnecessary <linux/version.h> inclusion 2024-08-12 18:36:44 +09:00
trace_printk samples/trace_printk: Wait for IRQ work to finish 2019-12-21 16:08:22 -05:00
uhid kbuild: introduce hostprogs-always-y and userprogs-always-y 2020-08-10 01:32:59 +09:00
user_events tracing/user_events: Use write ABI in example 2023-03-29 06:52:09 -04:00
v4l media updates for v6.8-rc1 2024-01-12 14:29:48 -08:00
vfio-mdev vfio-mdev: add missing MODULE_DESCRIPTION() macros 2024-07-17 12:24:13 -06:00
vfs .gitignore: prefix local generated files with a slash 2021-05-02 00:43:35 +09:00
watch_queue .gitignore: prefix local generated files with a slash 2021-05-02 00:43:35 +09:00
watchdog .gitignore: prefix local generated files with a slash 2021-05-02 00:43:35 +09:00
Kconfig samples: introduce new samples subdir for cgroup 2023-12-10 16:51:54 -08:00
Makefile samples: introduce new samples subdir for cgroup 2023-12-10 16:51:54 -08:00