Linux kernel development work - see feature branches https://git.zx2c4.com/linux-dev/atom/security/landlock/common.h?h=linus%2Fmaster 2021-04-22T19:22:10Z 2021-04-22T19:22:10Z Mickaël Salaün mic@linux.microsoft.com 2021-04-22T15:41:13Z urn:sha1:385975dca53eb41031d0cbd1de318eb1bc5d6bb9 Process's credentials point to a Landlock domain, which is underneath implemented with a ruleset. In the following commits, this domain is used to check and enforce the ptrace and filesystem security policies. A domain is inherited from a parent to its child the same way a thread inherits a seccomp policy. Cc: James Morris <jmorris@namei.org> Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com> Reviewed-by: Jann Horn <jannh@google.com> Acked-by: Serge Hallyn <serge@hallyn.com> Reviewed-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20210422154123.13086-4-mic@digikod.net Signed-off-by: James Morris <jamorris@linux.microsoft.com>