[File-cvs] CVS commit: file
Christos Zoulas
christos at zoulas.com
Mon May 11 12:19:42 EDT 2026
Module Name: file
Committed By: christos
Date: Mon May 11 16:19:42 UTC 2026
Modified Files:
file: configure.ac
file/src: file.c file.h
Added Files:
file/src: landlock.c
Log Message:
This adds landlock to the existing sandbox.
Unlike seccomp, it is much less prone to breaking when dependencies
or features change. It isolates filesystem and network where
possible using the kernel lsm which is available on modern distros
by default.
In combination with seccomp it provides a solid process isolation
that should hold even against serious attempts to circumvent it.
To generate a diff of this commit:
cvs rdiff -r1.110 -r1.111 file/configure.ac
cvs rdiff -r1.220 -r1.221 file/src/file.c
cvs rdiff -r1.265 -r1.266 file/src/file.h
cvs rdiff -r0 -r1.1 file/src/landlock.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
More information about the File-cvs
mailing list