Lines Matching refs:ruleset
33 rights`_. A set of rules is aggregated in a ruleset, which can then restrict
39 We first need to define the ruleset that will contain our rules. For this
40 example, the ruleset will contain rules that only allow read actions, but write
41 actions will be denied. The ruleset then needs to handle both of these kind of
97 This enables to create an inclusive ruleset that will contain our rules.
105 perror("Failed to create a ruleset");
109 We can now add a new rule to this ruleset thanks to the returned file
110 descriptor referring to this ruleset. The rule will only allow reading the
112 denied by the ruleset. To add ``/usr`` to the ruleset, we open it with the
136 perror("Failed to update ruleset");
142 for the ruleset creation, by filtering access rights according to the Landlock
146 We now have a ruleset with one rule allowing read access to ``/usr`` while
159 The current thread is now ready to sandbox itself with the ruleset.
164 perror("Failed to enforce ruleset");
175 ruleset.
204 Each time a thread enforces a ruleset on itself, it updates its Landlock domain
208 ruleset.
297 enforced Landlock ruleset.
307 associated bitflags, particularly the ruleset's ``handled_access_fs``. Making
360 Creating a new ruleset
369 Extending a ruleset
378 Enforcing a ruleset
398 according to the handled accesses of a ruleset. However, files that do not
406 restrict such paths with dedicated ruleset flags.
412 task willing to enforce a new ruleset in complement to its 16 inherited
434 restrict access to files, also implies inheritance of the ruleset restrictions