Lines Matching refs:ruleset

26 rights`_.  A set of rules is aggregated in a ruleset, which can then restrict
32 We first need to create the ruleset that will contain our rules.  For this
33 example, the ruleset will contain rules that only allow read actions, but write
34 actions will be denied.  The ruleset then needs to handle both of these kind of
59         perror("Failed to create a ruleset");
63 We can now add a new rule to this ruleset thanks to the returned file
64 descriptor referring to this ruleset.  The rule will only allow reading the
66 denied by the ruleset.  To add ``/usr`` to the ruleset, we open it with the
90         perror("Failed to update ruleset");
95 We now have a ruleset with one rule allowing read access to ``/usr`` while
108 The current thread is now ready to sandbox itself with the ruleset.
113         perror("Failed to enforce ruleset");
124 ruleset.
131 Each time a thread enforces a ruleset on itself, it updates its Landlock domain
135 ruleset.
204 Creating a new ruleset
213 Extending a ruleset
222 Enforcing a ruleset
236 Properly handling multiple layers of ruleset, each one of them able to restrict
237 access to files, also implies to inherit the ruleset restrictions from a parent
243 will enable more flexibility for renaming and linking, with dedicated ruleset
257 according to the handled accesses of a ruleset.  However, files that do not
265 restrict such paths with dedicated ruleset flags.
271 task willing to enforce a new ruleset in complement to its 64 inherited