Re: [PATCH net-next v7 08/10] bpf: Add a Landlock sandbox example
From: Mickaël Salaün
Date: Sat Sep 02 2017 - 09:21:25 EST
On 01/09/2017 12:25, Alban Crequy wrote:
> Hi Mickaël,
>
> On 21 August 2017 at 02:09, Mickaël Salaün <mic@xxxxxxxxxxx> wrote:
>> Add a basic sandbox tool to create a process isolated from some part of
>> the system. This sandbox creates a read-only environment. It is only
>> allowed to write to a character device such as a TTY:
> ...
>> + /*
>> + * This check allows the action on the file if it is a directory or a
>> + * pipe. Otherwise, a message is printed to the eBPF log.
>> + */
>> + if (S_ISCHR(ret) || S_ISFIFO(ret))
>> + return 0;
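Review bot: The comment above the S_ISCHR(ret) || S_ISFIFO(ret) test says the action is allowed for "a directory or a pipe", but the condition accepts character devices and FIFOs, and no S_ISDIR test appears in these lines. Reword the comment to "a character device or a pipe" so it matches the condition and the commit message's stated intent of only allowing writes to a character device such as a TTY. The name ret also hides that the value is being interpreted as a file mode; a name such as mode would make the S_IS* tests easier to read.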
>
>
> The comment says "directory", but the code checks for "character device".
>
> Thanks!
> Alban
>
Fixed, thanks!