samples/landlock: Add a sandbox manager example Add a basic sandbox tool to launch a command which can only access a list of file hierarchies in a read-only or read-write way. Cc: James Morris <jmorris@namei.org> Cc: Serge E. Hallyn <serge@hallyn.com> Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com> Reviewed-by: Jann Horn <jannh@google.com> Reviewed-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20210422154123.13086-12-mic@digikod.net Signed-off-by: James Morris <jamorris@linux.microsoft.com>

commit: ba84b0bf5a164f0f523656c1e37568c30f3f3303 [log] [tgz]
author: Mickaël Salaün <mic@linux.microsoft.com> Thu Apr 22 17:41:21 2021 +0200
committer: James Morris <jamorris@linux.microsoft.com> Thu Apr 22 12:22:11 2021 -0700
tree: 50f0cd2eab45a9bc48371833464209d670ca8035
parent: e1199815b47be83346c03e20a3de76f934e4bb34 [diff] [blame]
diff --git a/samples/Makefile b/samples/Makefile
index c3392a5..087e098 100644
--- a/samples/Makefile
+++ b/samples/Makefile

@@ -11,6 +11,7 @@
 obj-$(CONFIG_SAMPLE_KFIFO)		+= kfifo/
 obj-$(CONFIG_SAMPLE_KOBJECT)		+= kobject/
 obj-$(CONFIG_SAMPLE_KPROBES)		+= kprobes/
+subdir-$(CONFIG_SAMPLE_LANDLOCK)	+= landlock
 obj-$(CONFIG_SAMPLE_LIVEPATCH)		+= livepatch/
 subdir-$(CONFIG_SAMPLE_PIDFD)		+= pidfd
 obj-$(CONFIG_SAMPLE_QMI_CLIENT)		+= qmi/
commit	ba84b0bf5a164f0f523656c1e37568c30f3f3303	[log] [tgz]
author	Mickaël Salaün <mic@linux.microsoft.com>	Thu Apr 22 17:41:21 2021 +0200
committer	James Morris <jamorris@linux.microsoft.com>	Thu Apr 22 12:22:11 2021 -0700
tree	50f0cd2eab45a9bc48371833464209d670ca8035
parent	e1199815b47be83346c03e20a3de76f934e4bb34 [diff] [blame]