-
I'd like the sandbox (or a similar command that's more powerful, perhaps called sandcastle :stuck_out_tongue_winking_eye: ) to support limiting network connections per host and file operations per pat…
-
### Description
Unable to run user-namespaced container.
My setup is
containerd v1.7.0 (which supports usernamespaces)
```
ctr version
Client:
Version: v1.7.0
Revision: 1fbd70374134…
-
It looks like AppArmor flags are totally missing from kernel configuration. Debian kernel, on the other hand, is configured as follows:
```
$ grep APPARMOR /boot/config-5.18.0-0.deb11.4-amd64
CONF…
-
## What is the Problem Being Solved?
[seccomp(2)](https://en.wikipedia.org/wiki/Seccomp) is a Linux kernel facility that allows a process to voluntarily give up access to nearly everything. Once in…
-
Landlock ABI V4 was added in Linux 6.7. New features include support of restricting TCP ports, etc.
-
I have already posted it in the `Arch Linux on RIDC-V` matrix channel, but as `RVVM` use NVMe as a default choice, I think it's worth to ask it in an issue in RVVM.
Here is the problem:
### nvme d…
-
**Is your feature request related to a problem? Please describe.**
Current I2C API support only read/write APIs and depend on the driver supporting the "eI2CSendNoStopFlag" mode to implement back-t…
-
New Linux versions get released over time, and old ones cannot be supported indefinitely. This is the tracking recurring issue for announcing end of support for very old versions that we decide to dro…
-
Make `ioctl(2)` requests restrictable with Landlock, in a way that is useful for real-world applications.
See https://lore.kernel.org/all/20231208155121.1943775-1-gnoack@google.com/
@gnoack is w…
l0kod updated
3 weeks ago
-
*On GitLab by @valoq on Dec 22, 2022, 19:20*
---
_Merges master -> develop_
This commit adds an alternative command line option to set the sandbox mode as an alternative to the configuration option…