Lines Matching refs:ruleset

33 rights`_.  A set of rules is aggregated in a ruleset, which can then restrict
39 We first need to define the ruleset that will contain our rules.  For this
40 example, the ruleset will contain rules that only allow read actions, but write
41 actions will be denied.  The ruleset then needs to handle both of these kind of
84 This enables to create an inclusive ruleset that will contain our rules.
92         perror("Failed to create a ruleset");
96 We can now add a new rule to this ruleset thanks to the returned file
97 descriptor referring to this ruleset.  The rule will only allow reading the
99 denied by the ruleset.  To add ``/usr`` to the ruleset, we open it with the
123         perror("Failed to update ruleset");
129 for the ruleset creation, by filtering access rights according to the Landlock
133 We now have a ruleset with one rule allowing read access to ``/usr`` while
146 The current thread is now ready to sandbox itself with the ruleset.
151         perror("Failed to enforce ruleset");
162 ruleset.
191 Each time a thread enforces a ruleset on itself, it updates its Landlock domain
195 ruleset.
263 associated bitflags, particularly the ruleset's ``handled_access_fs``.  Making
316 Creating a new ruleset
325 Extending a ruleset
334 Enforcing a ruleset
354 according to the handled accesses of a ruleset.  However, files that do not
362 restrict such paths with dedicated ruleset flags.
368 task willing to enforce a new ruleset in complement to its 16 inherited
390 restrict access to files, also implies inheritance of the ruleset restrictions