Hacker News
by
wufocaculura
815 days ago
There's a single dot on a line between #include <sys/prcntl.h> and void my_sandbox(void). It is easy to miss, but it makes the compile fail, resulting in HAVE_LINUX_LANDLOCK never being enabled.
2 comments
arrowsmith
815 days ago
Can someone explain to n00bs like me: what's "landlock" anyway and why is it significant here?
Denvercoder9
815 days ago
It's a Linux Security Module that allows sandboxing processes:
https://docs.kernel.org/userspace-api/landlock.html
Thorrez
815 days ago
prctl, not prcntl