Lines Matching refs:access
7 Landlock: unprivileged access control
14 filesystem access) for a set of processes. Because Landlock is a stackable
16 in addition to the existing system-wide access-controls. This kind of sandbox
25 file hierarchy, and the related filesystem actions are defined with `access
95 We now have a ruleset with one rule allowing read access to ``/usr`` while
128 Layers of file path access rights
137 One policy layer grants access to a file path if at least one of its rules
138 encountered on the path grants the access. A sandboxed thread can only access
139 a file path if all its enforced policy layers grant the access as well as all
140 the other system access controls (e.g. filesystem DAC, other LSM policies,
146 Landlock enables to restrict access to file hierarchies, which means that these
147 access rights can be propagated with bind mounts (cf.
154 access when they are encountered on a path, which means that they can restrict
155 access to multiple file hierarchies at the same time, whether these hierarchies
166 then only think about file hierarchies they want to allow access to, regardless
234 Because Landlock targets unprivileged access controls, it is needed to properly
237 access to files, also implies to inherit the ruleset restrictions from a parent
262 restricted. However, thanks to the `ptrace restrictions`_, access to such
299 access-control and then miss useful features for such use case (e.g. no
302 `Controlling access to user namespaces <https://lwn.net/Articles/673597/>`_).