Re: [PATCH net-next v7 08/10] bpf: Add a Landlock sandbox example

From: MickaÃl SalaÃn
Date: Sat Sep 02 2017 - 09:21:25 EST

Next message: Andrea Arcangeli: "Re: [PATCH 00/13] mmu_notifier kill invalidate_page callback v2"
Previous message: Mavis Wanczyk Foundation: "Re: Donation"
In reply to: Alban Crequy: "Re: [PATCH net-next v7 08/10] bpf: Add a Landlock sandbox example"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 01/09/2017 12:25, Alban Crequy wrote:
> Hi MickaÃl,
>
> On 21 August 2017 at 02:09, MickaÃl SalaÃn <mic@xxxxxxxxxxx> wrote:
>> Add a basic sandbox tool to create a process isolated from some part of
>> the system. This sandbox create a read-only environment. It is only
>> allowed to write to a character device such as a TTY:
> ...
>> + /*
>> + * This check allows the action on the file if it is a directory or a
>> + * pipe. Otherwise, a message is printed to the eBPF log.
>> + */
>> + if (S_ISCHR(ret) || S_ISFIFO(ret))
>> + return 0;
>
>
> The comment says "directory", but the code checks for "character device".
>
> Thanks!
> Alban
>

Fixed, thanks!

Attachment: signature.asc
Description: OpenPGP digital signature

Next message: Andrea Arcangeli: "Re: [PATCH 00/13] mmu_notifier kill invalidate_page callback v2"
Previous message: Mavis Wanczyk Foundation: "Re: Donation"
In reply to: Alban Crequy: "Re: [PATCH net-next v7 08/10] bpf: Add a Landlock sandbox example"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]