f490e205bc
The sandboxer can receive the character "s" as input from the environment variable LL_SCOPE to restrict sandboxed processes from sending signals to processes outside of the sandbox. Example ======= Create a sandboxed shell and pass the character "s" to LL_SCOPED: LL_FS_RO=/ LL_FS_RW=. LL_SCOPED="s" ./sandboxer /bin/bash Try to send a SIGTRAP to a process with process ID <PID> through: kill -SIGTRAP <PID> The sandboxed process should not be able to send the signal. Signed-off-by: Tahera Fahimi <fahimitahera@gmail.com> Link: https://lore.kernel.org/r/1f3f1992b2abeb8e5d7aa61b854e1b0721978b9a.1725657728.git.fahimitahera@gmail.com [mic: Improve commit message, simplify code, rebase on previous sample change] Signed-off-by: Mickaël Salaün <mic@digikod.net> |
||
---|---|---|
.. | ||
.gitignore | ||
Makefile | ||
sandboxer.c |