summaryrefslogtreecommitdiff
path: root/samples/Kconfig
diff options
context:
space:
mode:
authorMickaël Salaün <mic@linux.microsoft.com>2021-04-22 17:41:21 +0200
committerJames Morris <jamorris@linux.microsoft.com>2021-04-22 12:22:11 -0700
commitba84b0bf5a164f0f523656c1e37568c30f3f3303 (patch)
tree50f0cd2eab45a9bc48371833464209d670ca8035 /samples/Kconfig
parente1199815b47be83346c03e20a3de76f934e4bb34 (diff)
samples/landlock: Add a sandbox manager example
Add a basic sandbox tool to launch a command which can only access a list of file hierarchies in a read-only or read-write way. Cc: James Morris <jmorris@namei.org> Cc: Serge E. Hallyn <serge@hallyn.com> Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com> Reviewed-by: Jann Horn <jannh@google.com> Reviewed-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20210422154123.13086-12-mic@digikod.net Signed-off-by: James Morris <jamorris@linux.microsoft.com>
Diffstat (limited to 'samples/Kconfig')
-rw-r--r--samples/Kconfig7
1 files changed, 7 insertions, 0 deletions
diff --git a/samples/Kconfig b/samples/Kconfig
index e76cdfc50e25..b5a1a7aa7e23 100644
--- a/samples/Kconfig
+++ b/samples/Kconfig
@@ -124,6 +124,13 @@ config SAMPLE_HIDRAW
bool "hidraw sample"
depends on CC_CAN_LINK && HEADERS_INSTALL
+config SAMPLE_LANDLOCK
+ bool "Landlock example"
+ depends on CC_CAN_LINK && HEADERS_INSTALL
+ help
+ Build a simple Landlock sandbox manager able to start a process
+ restricted by a user-defined filesystem access control policy.
+
config SAMPLE_PIDFD
bool "pidfd sample"
depends on CC_CAN_LINK && HEADERS_INSTALL