samples/landlock: Add support for signal scoping
The sandboxer can receive the character "s" as input from the
environment variable LL_SCOPE to restrict sandboxed processes from
sending signals to processes outside of the sandbox.
Example
=======
Create a sandboxed shell and pass the character "s" to LL_SCOPED:
LL_FS_RO=/ LL_FS_RW=. LL_SCOPED="s" ./sandboxer /bin/bash
Try to send a SIGTRAP to a process with process ID <PID> through:
kill -SIGTRAP <PID>
The sandboxed process should not be able to send the signal.
Signed-off-by: Tahera Fahimi <fahimitahera@gmail.com>
Link: https://lore.kernel.org/r/1f3f1992b2abeb8e5d7aa61b854e1b0721978b9a.1725657728.git.fahimitahera@gmail.com
[mic: Improve commit message, simplify code, rebase on previous sample
change]
Signed-off-by: Mickaël Salaün <mic@digikod.net>
projects / users / jedix / linux-maple.git / commit