On Tue, Mar 16, 2021 at 9:43 PM Mickaël Salaün mic@digikod.net wrote:
A Landlock ruleset is mainly a red-black tree with Landlock rules as nodes. This enables quick update and lookup to match a requested access, e.g. to a file. A ruleset is usable through a dedicated file descriptor (cf. following commit implementing syscalls) which enables a process to create and populate a ruleset with new rules.
A domain is a ruleset tied to a set of processes. This group of rules defines the security policy enforced on these processes and their future children. A domain can transition to a new domain which is the intersection of all its constraints and those of a ruleset provided by the current process. This modification only impacts the current process. This means that a process can only gain more constraints (i.e. lose accesses) over time.
Cc: James Morris jmorris@namei.org
Cc: Jann Horn jannh@google.com
Cc: Kees Cook keescook@chromium.org
Signed-off-by: Mickaël Salaün mic@linux.microsoft.com
Acked-by: Serge Hallyn serge@hallyn.com
Link: https://lore.kernel.org/r/20210316204252.427806-3-mic@digikod.net
Reviewed-by: Jann Horn jannh@google.com
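The layering semantics the commit message describes (a domain is the intersection of every ruleset applied so far, a transition only affects the restricting process, and accesses can only be lost), modelled in Python as an added illustration that is not part of the patch set or of this thread. The access bits, paths and the path-keyed dict (standing in for the kernel's red-black tree of rules) are constructed for this model and are assumptions, not the kernel's UAPI.

```python
from dataclasses import dataclass, field
from pathlib import PurePosixPath

# Access rights as bit flags. Constructed for this model; the real Landlock
# constants are defined in the kernel UAPI header, which this page does not show.
READ, WRITE, EXEC = 1 << 0, 1 << 1, 1 << 2
ALL = READ | WRITE | EXEC
NAMES = (("read", READ), ("write", WRITE), ("exec", EXEC))

@dataclass
class Ruleset:
    """One layer of constraints: the access rights it handles, plus rules that
    grant rights beneath a path. A dict keyed by path stands in for the kernel's
    rb-tree of rules keyed by filesystem object (an assumption of this model)."""
    handled: int
    rules: dict = field(default_factory=dict)  # path -> granted access bits

    def allows(self, path: str, access: int) -> bool:
        # Rights this layer does not handle are never restricted by it.
        granted = access & ~self.handled
        p = PurePosixPath(path)
        # A rule on the file or on any ancestor directory grants its rights.
        for node in (p, *p.parents):
            granted |= self.rules.get(str(node), 0) & self.handled
        return access & ~granted == 0

class Domain:
    """A ruleset tied to a process: the intersection of all layers applied so far."""
    def __init__(self, layers=()):
        self.layers = tuple(layers)

    def restrict(self, ruleset: Ruleset) -> "Domain":
        # Transition: the new domain keeps every earlier constraint and adds the
        # new ruleset's. The old Domain object is untouched, just as a parent's
        # domain is untouched when a child restricts itself.
        return Domain(self.layers + (ruleset,))

    def allows(self, path: str, access: int) -> bool:
        # Every layer must allow the access: the intersection of constraints.
        return all(layer.allows(path, access) for layer in self.layers)

    def effective(self, path: str) -> set:
        return {name for name, bit in NAMES if self.allows(path, bit)}

if __name__ == "__main__":
    d0 = Domain()  # no domain: unrestricted
    d1 = d0.restrict(Ruleset(ALL, {"/usr": READ | EXEC, "/home/user": READ | WRITE}))
    d2 = d1.restrict(Ruleset(WRITE, {"/home/user/out": WRITE}))
    for p in ("/usr/bin/ls", "/home/user/notes", "/home/user/out/log", "/etc/passwd"):
        print(p, sorted(d0.effective(p)), sorted(d1.effective(p)), sorted(d2.effective(p)))
```

Running the main block prints, per path, how the effective access set shrinks from d0 to d1 to d2; no later ruleset can re-open what an earlier layer denied.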