€•T£      Œsphinx.addnodes”Œdocument”“”)”}”(Œ	rawsource”Œ ”Œchildren”]”(Œtranslations”ŒLanguagesNode”“”)”}”(hhh]”(h Œpending_xref”“”)”}”(hhh]”Œdocutils.nodes”ŒText”“”ŒChinese (Simplified)”…””}”Œparent”hsbaŒ
attributes”}”(Œids”]”Œclasses”]”Œnames”]”Œdupnames”]”Œbackrefs”]”Œ	refdomain”Œstd”Œreftype”Œdoc”Œ	reftarget”Œ,/translations/zh_CN/admin-guide/LSM/landlock”Œmodname”NŒ	classname”NŒrefexplicit”ˆuŒtagname”hhhubh)”}”(hhh]”hŒChinese (Traditional)”…””}”hh2sbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ,/translations/zh_TW/admin-guide/LSM/landlock”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒItalian”…””}”hhFsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ,/translations/it_IT/admin-guide/LSM/landlock”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒJapanese”…””}”hhZsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ,/translations/ja_JP/admin-guide/LSM/landlock”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒKorean”…””}”hhnsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ,/translations/ko_KR/admin-guide/LSM/landlock”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒPortuguese (Brazilian)”…””}”hh‚sbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ,/translations/pt_BR/admin-guide/LSM/landlock”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒSpanish”…””}”hh–sbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ,/translations/sp_SP/admin-guide/LSM/landlock”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubeh}”(h]”h ]”h"]”h$]”h&]”Œcurrent_language”ŒEnglish”uh1h
hhŒ	_document”hŒsource”NŒline”NubhŒcomment”“”)”}”(hŒ SPDX-License-Identifier: GPL-2.0”h]”hŒ SPDX-License-Identifier: GPL-2.0”…””}”hh·sbah}”(h]”h ]”h"]”h$]”h&]”Œ	xml:space”Œpreserve”uh1hµhhh²hh³ŒF/var/lib/git/docbuild/linux/Documentation/admin-guide/LSM/landlock.rst”h´Kubh¶)”}”(hŒ'Copyright Â© 2025 Microsoft Corporation”h]”hŒ'Copyright Â© 2025 Microsoft Corporation”…””}”hhÈsbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1hµhhh²hh³hÇh´KubhŒsection”“”)”}”(hhh]”(hŒtitle”“”)”}”(hŒ Landlock: system-wide management”h]”hŒ Landlock: system-wide management”…””}”(hhÝh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÛhhØh²hh³hÇh´KubhŒ
field_list”“”)”}”(hhh]”(hŒfield”“”)”}”(hhh]”(hŒ
field_name”“”)”}”(hŒAuthor”h]”hŒAuthor”…””}”(hh÷h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hõhhòh³hÇh´K ubhŒ
field_body”“”)”}”(hŒMickaÃ«l SalaÃ¼n”h]”hŒ	paragraph”“”)”}”(hj	  h]”hŒMickaÃ«l SalaÃ¼n”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´Khj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hhòubeh}”(h]”h ]”h"]”h$]”h&]”uh1hðh³hÇh´Khhíh²hubhñ)”}”(hhh]”(hö)”}”(hŒDate”h]”hŒDate”…””}”(hj)  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hõhj&  h³hÇh´K ubj  )”}”(hŒJanuary 2026
”h]”j  )”}”(hŒJanuary 2026”h]”hŒJanuary 2026”…””}”(hj;  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´K	hj7  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj&  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hðh³hÇh´K	hhíh²hubeh}”(h]”h ]”h"]”h$]”h&]”uh1hëhhØh²hh³hÇh´Kubj  )”}”(hŒ8Landlock can leverage the audit framework to log events.”h]”hŒ8Landlock can leverage the audit framework to log events.”…””}”(hj[  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´KhhØh²hubj  )”}”(hŒUUser space documentation can be found here:
Documentation/userspace-api/landlock.rst.”h]”hŒUUser space documentation can be found here:
Documentation/userspace-api/landlock.rst.”…””}”(hji  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´KhhØh²hubh×)”}”(hhh]”(hÜ)”}”(hŒAudit”h]”hŒAudit”…””}”(hjz  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÛhjw  h²hh³hÇh´Kubj  )”}”(hXC  Denied access requests are logged by default for a sandboxed program if `audit`
is enabled.  This default behavior can be changed with the
sys_landlock_restrict_self() flags (cf.
Documentation/userspace-api/landlock.rst).  Landlock logs can also be masked
thanks to audit rules.  Landlock can generate 2 audit record types.”h]”(hŒHDenied access requests are logged by default for a sandboxed program if ”…””}”(hjˆ  h²hh³Nh´NubhŒtitle_reference”“”)”}”(hŒ`audit`”h]”hŒaudit”…””}”(hj’  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hjˆ  ubhŒô
is enabled.  This default behavior can be changed with the
sys_landlock_restrict_self() flags (cf.
Documentation/userspace-api/landlock.rst).  Landlock logs can also be masked
thanks to audit rules.  Landlock can generate 2 audit record types.”…””}”(hjˆ  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´Khjw  h²hubh×)”}”(hhh]”(hÜ)”}”(hŒRecord types”h]”hŒRecord types”…””}”(hj­  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÛhjª  h²hh³hÇh´KubhŒdefinition_list”“”)”}”(hhh]”(hŒdefinition_list_item”“”)”}”(hX8  AUDIT_LANDLOCK_ACCESS
This record type identifies a denied access request to a kernel resource.
The ``domain`` field indicates the ID of the domain that blocked the
request.  The ``blockers`` field indicates the cause(s) of this denial
(separated by a comma), and the following fields identify the kernel object
(similar to SELinux).  There may be more than one of this record type per
audit event.

Example with a file link request generating two records in the same event::

    domain=195ba459b blockers=fs.refer path="/usr/bin" dev="vda2" ino=351
    domain=195ba459b blockers=fs.make_reg,fs.refer path="/usr/local" dev="vda2" ino=365


The ``blockers`` field uses dot-separated prefixes to indicate the type of
restriction that caused the denial:

**fs.*** - Filesystem access rights (ABI 1+):
    - fs.execute, fs.write_file, fs.read_file, fs.read_dir
    - fs.remove_dir, fs.remove_file
    - fs.make_char, fs.make_dir, fs.make_reg, fs.make_sock
    - fs.make_fifo, fs.make_block, fs.make_sym
    - fs.refer (ABI 2+)
    - fs.truncate (ABI 3+)
    - fs.ioctl_dev (ABI 5+)

**net.*** - Network access rights (ABI 4+):
    - net.bind_tcp - TCP port binding was denied
    - net.connect_tcp - TCP connection was denied

**scope.*** - IPC scoping restrictions (ABI 6+):
    - scope.abstract_unix_socket - Abstract UNIX socket connection denied
    - scope.signal - Signal sending denied

Multiple blockers can appear in a single event (comma-separated) when
multiple access rights are missing. For example, creating a regular file
in a directory that lacks both ``make_reg`` and ``refer`` rights would show
``blockers=fs.make_reg,fs.refer``.

The object identification fields (path, dev, ino for filesystem; opid,
ocomm for signals) depend on the type of access being blocked and provide
context about what resource was involved in the denial.

”h]”(hŒterm”“”)”}”(hŒAUDIT_LANDLOCK_ACCESS”h]”hŒAUDIT_LANDLOCK_ACCESS”…””}”(hjÈ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÆ  h³hÇh´KFhjÂ  ubhŒ
definition”“”)”}”(hhh]”(j  )”}”(hXx  This record type identifies a denied access request to a kernel resource.
The ``domain`` field indicates the ID of the domain that blocked the
request.  The ``blockers`` field indicates the cause(s) of this denial
(separated by a comma), and the following fields identify the kernel object
(similar to SELinux).  There may be more than one of this record type per
audit event.”h]”(hŒNThis record type identifies a denied access request to a kernel resource.
The ”…””}”(hjÛ  h²hh³Nh´NubhŒliteral”“”)”}”(hŒ
``domain``”h]”hŒdomain”…””}”(hjå  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jã  hjÛ  ubhŒE field indicates the ID of the domain that blocked the
request.  The ”…””}”(hjÛ  h²hh³Nh´Nubjä  )”}”(hŒ``blockers``”h]”hŒblockers”…””}”(hj÷  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jã  hjÛ  ubhŒÏ field indicates the cause(s) of this denial
(separated by a comma), and the following fields identify the kernel object
(similar to SELinux).  There may be more than one of this record type per
audit event.”…””}”(hjÛ  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´KhjØ  ubj  )”}”(hŒKExample with a file link request generating two records in the same event::”h]”hŒJExample with a file link request generating two records in the same event:”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´K$hjØ  ubhŒliteral_block”“”)”}”(hŒ™domain=195ba459b blockers=fs.refer path="/usr/bin" dev="vda2" ino=351
domain=195ba459b blockers=fs.make_reg,fs.refer path="/usr/local" dev="vda2" ino=365”h]”hŒ™domain=195ba459b blockers=fs.refer path="/usr/bin" dev="vda2" ino=351
domain=195ba459b blockers=fs.make_reg,fs.refer path="/usr/local" dev="vda2" ino=365”…””}”hj  sbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1j  h³hÇh´K&hjØ  ubj  )”}”(hŒnThe ``blockers`` field uses dot-separated prefixes to indicate the type of
restriction that caused the denial:”h]”(hŒThe ”…””}”(hj-  h²hh³Nh´Nubjä  )”}”(hŒ``blockers``”h]”hŒblockers”…””}”(hj5  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jã  hj-  ubhŒ^ field uses dot-separated prefixes to indicate the type of
restriction that caused the denial:”…””}”(hj-  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´K*hjØ  ubj¼  )”}”(hhh]”(jÁ  )”}”(hX*  **fs.*** - Filesystem access rights (ABI 1+):
- fs.execute, fs.write_file, fs.read_file, fs.read_dir
- fs.remove_dir, fs.remove_file
- fs.make_char, fs.make_dir, fs.make_reg, fs.make_sock
- fs.make_fifo, fs.make_block, fs.make_sym
- fs.refer (ABI 2+)
- fs.truncate (ABI 3+)
- fs.ioctl_dev (ABI 5+)
”h]”(jÇ  )”}”(hŒ-**fs.*** - Filesystem access rights (ABI 1+):”h]”(hŒstrong”“”)”}”(hŒ**fs.***”h]”hŒfs.*”…””}”(hjZ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jX  hjT  ubhŒ% - Filesystem access rights (ABI 1+):”…””}”(hjT  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÆ  h³hÇh´K4hjP  ubj×  )”}”(hhh]”hŒbullet_list”“”)”}”(hhh]”(hŒ	list_item”“”)”}”(hŒ4fs.execute, fs.write_file, fs.read_file, fs.read_dir”h]”j  )”}”(hj~  h]”hŒ4fs.execute, fs.write_file, fs.read_file, fs.read_dir”…””}”(hj€  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´K.hj|  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jz  hjw  ubj{  )”}”(hŒfs.remove_dir, fs.remove_file”h]”j  )”}”(hj•  h]”hŒfs.remove_dir, fs.remove_file”…””}”(hj—  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´K/hj“  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jz  hjw  ubj{  )”}”(hŒ4fs.make_char, fs.make_dir, fs.make_reg, fs.make_sock”h]”j  )”}”(hj¬  h]”hŒ4fs.make_char, fs.make_dir, fs.make_reg, fs.make_sock”…””}”(hj®  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´K0hjª  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jz  hjw  ubj{  )”}”(hŒ(fs.make_fifo, fs.make_block, fs.make_sym”h]”j  )”}”(hjÃ  h]”hŒ(fs.make_fifo, fs.make_block, fs.make_sym”…””}”(hjÅ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´K1hjÁ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jz  hjw  ubj{  )”}”(hŒfs.refer (ABI 2+)”h]”j  )”}”(hjÚ  h]”hŒfs.refer (ABI 2+)”…””}”(hjÜ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´K2hjØ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jz  hjw  ubj{  )”}”(hŒfs.truncate (ABI 3+)”h]”j  )”}”(hjñ  h]”hŒfs.truncate (ABI 3+)”…””}”(hjó  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´K3hjï  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jz  hjw  ubj{  )”}”(hŒfs.ioctl_dev (ABI 5+)
”h]”j  )”}”(hŒfs.ioctl_dev (ABI 5+)”h]”hŒfs.ioctl_dev (ABI 5+)”…””}”(hj
  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´K4hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jz  hjw  ubeh}”(h]”h ]”h"]”h$]”h&]”Œbullet”Œ-”uh1ju  h³hÇh´K.hjr  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÖ  hjP  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÀ  h³hÇh´K4hjM  ubjÁ  )”}”(hŒ‡**net.*** - Network access rights (ABI 4+):
- net.bind_tcp - TCP port binding was denied
- net.connect_tcp - TCP connection was denied
”h]”(jÇ  )”}”(hŒ+**net.*** - Network access rights (ABI 4+):”h]”(jY  )”}”(hŒ	**net.***”h]”hŒnet.*”…””}”(hj:  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jX  hj6  ubhŒ" - Network access rights (ABI 4+):”…””}”(hj6  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÆ  h³hÇh´K8hj2  ubj×  )”}”(hhh]”jv  )”}”(hhh]”(j{  )”}”(hŒ*net.bind_tcp - TCP port binding was denied”h]”j  )”}”(hjZ  h]”hŒ*net.bind_tcp - TCP port binding was denied”…””}”(hj\  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´K7hjX  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jz  hjU  ubj{  )”}”(hŒ,net.connect_tcp - TCP connection was denied
”h]”j  )”}”(hŒ+net.connect_tcp - TCP connection was denied”h]”hŒ+net.connect_tcp - TCP connection was denied”…””}”(hjs  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´K8hjo  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jz  hjU  ubeh}”(h]”h ]”h"]”h$]”h&]”j$  j%  uh1ju  h³hÇh´K7hjR  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÖ  hj2  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÀ  h³hÇh´K8hjM  ubjÁ  )”}”(hŒž**scope.*** - IPC scoping restrictions (ABI 6+):
- scope.abstract_unix_socket - Abstract UNIX socket connection denied
- scope.signal - Signal sending denied
”h]”(jÇ  )”}”(hŒ0**scope.*** - IPC scoping restrictions (ABI 6+):”h]”(jY  )”}”(hŒ**scope.***”h]”hŒscope.*”…””}”(hj¡  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jX  hj  ubhŒ% - IPC scoping restrictions (ABI 6+):”…””}”(hj  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÆ  h³hÇh´K<hj™  ubj×  )”}”(hhh]”jv  )”}”(hhh]”(j{  )”}”(hŒCscope.abstract_unix_socket - Abstract UNIX socket connection denied”h]”j  )”}”(hjÁ  h]”hŒCscope.abstract_unix_socket - Abstract UNIX socket connection denied”…””}”(hjÃ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´K;hj¿  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jz  hj¼  ubj{  )”}”(hŒ%scope.signal - Signal sending denied
”h]”j  )”}”(hŒ$scope.signal - Signal sending denied”h]”hŒ$scope.signal - Signal sending denied”…””}”(hjÚ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´K<hjÖ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jz  hj¼  ubeh}”(h]”h ]”h"]”h$]”h&]”j$  j%  uh1ju  h³hÇh´K;hj¹  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÖ  hj™  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÀ  h³hÇh´K<hjM  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j»  hjØ  ubj  )”}”(hŒýMultiple blockers can appear in a single event (comma-separated) when
multiple access rights are missing. For example, creating a regular file
in a directory that lacks both ``make_reg`` and ``refer`` rights would show
``blockers=fs.make_reg,fs.refer``.”h]”(hŒ®Multiple blockers can appear in a single event (comma-separated) when
multiple access rights are missing. For example, creating a regular file
in a directory that lacks both ”…””}”(hj  h²hh³Nh´Nubjä  )”}”(hŒ``make_reg``”h]”hŒmake_reg”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jã  hj  ubhŒ and ”…””}”(hj  h²hh³Nh´Nubjä  )”}”(hŒ	``refer``”h]”hŒrefer”…””}”(hj   h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jã  hj  ubhŒ rights would show
”…””}”(hj  h²hh³Nh´Nubjä  )”}”(hŒ!``blockers=fs.make_reg,fs.refer``”h]”hŒblockers=fs.make_reg,fs.refer”…””}”(hj2  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jã  hj  ubhŒ.”…””}”(hj  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´K>hjØ  ubj  )”}”(hŒÈThe object identification fields (path, dev, ino for filesystem; opid,
ocomm for signals) depend on the type of access being blocked and provide
context about what resource was involved in the denial.”h]”hŒÈThe object identification fields (path, dev, ino for filesystem; opid,
ocomm for signals) depend on the type of access being blocked and provide
context about what resource was involved in the denial.”…””}”(hjJ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´KChjØ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÖ  hjÂ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÀ  h³hÇh´KFhj½  ubjÁ  )”}”(hXï  AUDIT_LANDLOCK_DOMAIN
This record type describes the status of a Landlock domain.  The ``status``
field can be either ``allocated`` or ``deallocated``.

The ``allocated`` status is part of the same audit event and follows
the first logged ``AUDIT_LANDLOCK_ACCESS`` record of a domain.  It identifies
Landlock domain information at the time of the sys_landlock_restrict_self()
call with the following fields:

- the ``domain`` ID
- the enforcement ``mode``
- the domain creator's ``pid``
- the domain creator's ``uid``
- the domain creator's executable path (``exe``)
- the domain creator's command line (``comm``)

Example::

    domain=195ba459b status=allocated mode=enforcing pid=300 uid=0 exe="/root/sandboxer" comm="sandboxer"

The ``deallocated`` status is an event on its own and it identifies a
Landlock domain release.  After such event, it is guarantee that the
related domain ID will never be reused during the lifetime of the system.
The ``domain`` field indicates the ID of the domain which is released, and
the ``denials`` field indicates the total number of denied access request,
which might not have been logged according to the audit rules and
sys_landlock_restrict_self()'s flags.

Example::

    domain=195ba459b status=deallocated denials=3

”h]”(jÇ  )”}”(hŒAUDIT_LANDLOCK_DOMAIN”h]”hŒAUDIT_LANDLOCK_DOMAIN”…””}”(hjh  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÆ  h³hÇh´Kghjd  ubj×  )”}”(hhh]”(j  )”}”(hŒThis record type describes the status of a Landlock domain.  The ``status``
field can be either ``allocated`` or ``deallocated``.”h]”(hŒAThis record type describes the status of a Landlock domain.  The ”…””}”(hjy  h²hh³Nh´Nubjä  )”}”(hŒ
``status``”h]”hŒstatus”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jã  hjy  ubhŒ
field can be either ”…””}”(hjy  h²hh³Nh´Nubjä  )”}”(hŒ``allocated``”h]”hŒ	allocated”…””}”(hj“  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jã  hjy  ubhŒ or ”…””}”(hjy  h²hh³Nh´Nubjä  )”}”(hŒ``deallocated``”h]”hŒdeallocated”…””}”(hj¥  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jã  hjy  ubhŒ.”…””}”(hjy  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´KIhjv  ubj  )”}”(hŒþThe ``allocated`` status is part of the same audit event and follows
the first logged ``AUDIT_LANDLOCK_ACCESS`` record of a domain.  It identifies
Landlock domain information at the time of the sys_landlock_restrict_self()
call with the following fields:”h]”(hŒThe ”…””}”(hj½  h²hh³Nh´Nubjä  )”}”(hŒ``allocated``”h]”hŒ	allocated”…””}”(hjÅ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jã  hj½  ubhŒE status is part of the same audit event and follows
the first logged ”…””}”(hj½  h²hh³Nh´Nubjä  )”}”(hŒ``AUDIT_LANDLOCK_ACCESS``”h]”hŒAUDIT_LANDLOCK_ACCESS”…””}”(hj×  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jã  hj½  ubhŒ record of a domain.  It identifies
Landlock domain information at the time of the sys_landlock_restrict_self()
call with the following fields:”…””}”(hj½  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´KLhjv  ubjv  )”}”(hhh]”(j{  )”}”(hŒthe ``domain`` ID”h]”j  )”}”(hjô  h]”(hŒthe ”…””}”(hjö  h²hh³Nh´Nubjä  )”}”(hŒ
``domain``”h]”hŒdomain”…””}”(hjý  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jã  hjö  ubhŒ ID”…””}”(hjö  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´KQhjò  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jz  hjï  ubj{  )”}”(hŒthe enforcement ``mode``”h]”j  )”}”(hj  h]”(hŒthe enforcement ”…””}”(hj  h²hh³Nh´Nubjä  )”}”(hŒ``mode``”h]”hŒmode”…””}”(hj&  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jã  hj  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´KRhj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jz  hjï  ubj{  )”}”(hŒthe domain creator's ``pid``”h]”j  )”}”(hjB  h]”(hŒthe domain creatorâ€™s ”…””}”(hjD  h²hh³Nh´Nubjä  )”}”(hŒ``pid``”h]”hŒpid”…””}”(hjK  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jã  hjD  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´KShj@  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jz  hjï  ubj{  )”}”(hŒthe domain creator's ``uid``”h]”j  )”}”(hjg  h]”(hŒthe domain creatorâ€™s ”…””}”(hji  h²hh³Nh´Nubjä  )”}”(hŒ``uid``”h]”hŒuid”…””}”(hjp  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jã  hji  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´KThje  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jz  hjï  ubj{  )”}”(hŒ.the domain creator's executable path (``exe``)”h]”j  )”}”(hjŒ  h]”(hŒ(the domain creatorâ€™s executable path (”…””}”(hjŽ  h²hh³Nh´Nubjä  )”}”(hŒ``exe``”h]”hŒexe”…””}”(hj•  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jã  hjŽ  ubhŒ)”…””}”(hjŽ  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´KUhjŠ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jz  hjï  ubj{  )”}”(hŒ-the domain creator's command line (``comm``)
”h]”j  )”}”(hŒ,the domain creator's command line (``comm``)”h]”(hŒ%the domain creatorâ€™s command line (”…””}”(hj·  h²hh³Nh´Nubjä  )”}”(hŒ``comm``”h]”hŒcomm”…””}”(hj¿  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jã  hj·  ubhŒ)”…””}”(hj·  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´KVhj³  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jz  hjï  ubeh}”(h]”h ]”h"]”h$]”h&]”j$  j%  uh1ju  h³hÇh´KQhjv  ubj  )”}”(hŒ	Example::”h]”hŒExample:”…””}”(hjã  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´KXhjv  ubj  )”}”(hŒedomain=195ba459b status=allocated mode=enforcing pid=300 uid=0 exe="/root/sandboxer" comm="sandboxer"”h]”hŒedomain=195ba459b status=allocated mode=enforcing pid=300 uid=0 exe="/root/sandboxer" comm="sandboxer"”…””}”hjñ  sbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1j  h³hÇh´KZhjv  ubj  )”}”(hXÒ  The ``deallocated`` status is an event on its own and it identifies a
Landlock domain release.  After such event, it is guarantee that the
related domain ID will never be reused during the lifetime of the system.
The ``domain`` field indicates the ID of the domain which is released, and
the ``denials`` field indicates the total number of denied access request,
which might not have been logged according to the audit rules and
sys_landlock_restrict_self()'s flags.”h]”(hŒThe ”…””}”(hjÿ  h²hh³Nh´Nubjä  )”}”(hŒ``deallocated``”h]”hŒdeallocated”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jã  hjÿ  ubhŒÆ status is an event on its own and it identifies a
Landlock domain release.  After such event, it is guarantee that the
related domain ID will never be reused during the lifetime of the system.
The ”…””}”(hjÿ  h²hh³Nh´Nubjä  )”}”(hŒ
``domain``”h]”hŒdomain”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jã  hjÿ  ubhŒA field indicates the ID of the domain which is released, and
the ”…””}”(hjÿ  h²hh³Nh´Nubjä  )”}”(hŒ``denials``”h]”hŒdenials”…””}”(hj+  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jã  hjÿ  ubhŒ¥ field indicates the total number of denied access request,
which might not have been logged according to the audit rules and
sys_landlock_restrict_self()â€™s flags.”…””}”(hjÿ  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´K\hjv  ubj  )”}”(hŒ	Example::”h]”hŒExample:”…””}”(hjC  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´Kdhjv  ubj  )”}”(hŒ-domain=195ba459b status=deallocated denials=3”h]”hŒ-domain=195ba459b status=deallocated denials=3”…””}”hjQ  sbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1j  h³hÇh´Kfhjv  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÖ  hjd  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÀ  h³hÇh´Kghj½  h²hubeh}”(h]”h ]”h"]”h$]”h&]”uh1j»  hjª  h²hh³hÇh´Nubeh}”(h]”Œrecord-types”ah ]”h"]”Œrecord types”ah$]”h&]”uh1hÖhjw  h²hh³hÇh´Kubh×)”}”(hhh]”(hÜ)”}”(hŒEvent samples”h]”hŒEvent samples”…””}”(hj|  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÛhjy  h²hh³hÇh´Kjubj  )”}”(hŒ9Here are two examples of log events (see serial numbers).”h]”hŒ9Here are two examples of log events (see serial numbers).”…””}”(hjŠ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´Klhjy  h²hubj  )”}”(hŒ¨In this example a sandboxed program (``kill``) tries to send a signal to the
init process, which is denied because of the signal scoping restriction
(``LL_SCOPED=s``)::”h]”(hŒ%In this example a sandboxed program (”…””}”(hj˜  h²hh³Nh´Nubjä  )”}”(hŒ``kill``”h]”hŒkill”…””}”(hj   h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jã  hj˜  ubhŒi) tries to send a signal to the
init process, which is denied because of the signal scoping restriction
(”…””}”(hj˜  h²hh³Nh´Nubjä  )”}”(hŒ``LL_SCOPED=s``”h]”hŒLL_SCOPED=s”…””}”(hj²  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jã  hj˜  ubhŒ):”…””}”(hj˜  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´Knhjy  h²hubj  )”}”(hŒE$ LL_FS_RO=/ LL_FS_RW=/ LL_SCOPED=s LL_FORCE_LOG=1 ./sandboxer kill 1”h]”hŒE$ LL_FS_RO=/ LL_FS_RW=/ LL_SCOPED=s LL_FORCE_LOG=1 ./sandboxer kill 1”…””}”hjÊ  sbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1j  h³hÇh´Krhjy  h²hubj  )”}”(hXÓ  This command generates two events, each identified with a unique serial
number following a timestamp (``msg=audit(1729738800.268:30)``).  The first
event (serial ``30``) contains 4 records.  The first record
(``type=LANDLOCK_ACCESS``) shows an access denied by the domain `1a6fdc66f`.
The cause of this denial is signal scoping restriction
(``blockers=scope.signal``).  The process that would have receive this signal
is the init process (``opid=1 ocomm="systemd"``).”h]”(hŒfThis command generates two events, each identified with a unique serial
number following a timestamp (”…””}”(hjØ  h²hh³Nh´Nubjä  )”}”(hŒ ``msg=audit(1729738800.268:30)``”h]”hŒmsg=audit(1729738800.268:30)”…””}”(hjà  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jã  hjØ  ubhŒ).  The first
event (serial ”…””}”(hjØ  h²hh³Nh´Nubjä  )”}”(hŒ``30``”h]”hŒ30”…””}”(hjò  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jã  hjØ  ubhŒ)) contains 4 records.  The first record
(”…””}”(hjØ  h²hh³Nh´Nubjä  )”}”(hŒ``type=LANDLOCK_ACCESS``”h]”hŒtype=LANDLOCK_ACCESS”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jã  hjØ  ubhŒ') shows an access denied by the domain ”…””}”(hjØ  h²hh³Nh´Nubj‘  )”}”(hŒ`1a6fdc66f`”h]”hŒ	1a6fdc66f”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hjØ  ubhŒ:.
The cause of this denial is signal scoping restriction
(”…””}”(hjØ  h²hh³Nh´Nubjä  )”}”(hŒ``blockers=scope.signal``”h]”hŒblockers=scope.signal”…””}”(hj(  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jã  hjØ  ubhŒI).  The process that would have receive this signal
is the init process (”…””}”(hjØ  h²hh³Nh´Nubjä  )”}”(hŒ``opid=1 ocomm="systemd"``”h]”hŒopid=1 ocomm="systemd"”…””}”(hj:  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jã  hjØ  ubhŒ).”…””}”(hjØ  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´Kthjy  h²hubj  )”}”(hŒÒThe second record (``type=LANDLOCK_DOMAIN``) describes (``status=allocated``)
domain `1a6fdc66f`.  This domain was created by process ``286`` executing the
``/root/sandboxer`` program launched by the root user.”h]”(hŒThe second record (”…””}”(hjR  h²hh³Nh´Nubjä  )”}”(hŒ``type=LANDLOCK_DOMAIN``”h]”hŒtype=LANDLOCK_DOMAIN”…””}”(hjZ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jã  hjR  ubhŒ) describes (”…””}”(hjR  h²hh³Nh´Nubjä  )”}”(hŒ``status=allocated``”h]”hŒstatus=allocated”…””}”(hjl  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jã  hjR  ubhŒ	)
domain ”…””}”(hjR  h²hh³Nh´Nubj‘  )”}”(hŒ`1a6fdc66f`”h]”hŒ	1a6fdc66f”…””}”(hj~  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hjR  ubhŒ&.  This domain was created by process ”…””}”(hjR  h²hh³Nh´Nubjä  )”}”(hŒ``286``”h]”hŒ286”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jã  hjR  ubhŒ executing the
”…””}”(hjR  h²hh³Nh´Nubjä  )”}”(hŒ``/root/sandboxer``”h]”hŒ/root/sandboxer”…””}”(hj¢  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jã  hjR  ubhŒ# program launched by the root user.”…””}”(hjR  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´K|hjy  h²hubj  )”}”(hŒ—The third record (``type=SYSCALL``) describes the syscall, its provided
arguments, its result (``success=no exit=-1``), and the process that called it.”h]”(hŒThe third record (”…””}”(hjº  h²hh³Nh´Nubjä  )”}”(hŒ``type=SYSCALL``”h]”hŒtype=SYSCALL”…””}”(hjÂ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jã  hjº  ubhŒ=) describes the syscall, its provided
arguments, its result (”…””}”(hjº  h²hh³Nh´Nubjä  )”}”(hŒ``success=no exit=-1``”h]”hŒsuccess=no exit=-1”…””}”(hjÔ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jã  hjº  ubhŒ"), and the process that called it.”…””}”(hjº  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´K€hjy  h²hubj  )”}”(hŒ«The fourth record (``type=PROCTITLE``) shows the command's name as an
hexadecimal value.  This can be translated with ``python -c
'print(bytes.fromhex("6B696C6C0031"))'``.”h]”(hŒThe fourth record (”…””}”(hjì  h²hh³Nh´Nubjä  )”}”(hŒ``type=PROCTITLE``”h]”hŒtype=PROCTITLE”…””}”(hjô  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jã  hjì  ubhŒS) shows the commandâ€™s name as an
hexadecimal value.  This can be translated with ”…””}”(hjì  h²hh³Nh´Nubjä  )”}”(hŒ4``python -c
'print(bytes.fromhex("6B696C6C0031"))'``”h]”hŒ0python -c
'print(bytes.fromhex("6B696C6C0031"))'”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jã  hjì  ubhŒ.”…””}”(hjì  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´Kƒhjy  h²hubj  )”}”(hXÚ  Finally, the last record (``type=LANDLOCK_DOMAIN``) is also the only one from
the second event (serial ``31``).  It is not tied to a direct user space action
but an asynchronous one to free resources tied to a Landlock domain
(``status=deallocated``).  This can be useful to know that the following logs
will not concern the domain ``1a6fdc66f`` anymore.  This record also summarize
the number of requests this domain denied (``denials=1``), whether they were
logged or not.”h]”(hŒFinally, the last record (”…””}”(hj  h²hh³Nh´Nubjä  )”}”(hŒ``type=LANDLOCK_DOMAIN``”h]”hŒtype=LANDLOCK_DOMAIN”…””}”(hj&  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jã  hj  ubhŒ5) is also the only one from
the second event (serial ”…””}”(hj  h²hh³Nh´Nubjä  )”}”(hŒ``31``”h]”hŒ31”…””}”(hj8  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jã  hj  ubhŒv).  It is not tied to a direct user space action
but an asynchronous one to free resources tied to a Landlock domain
(”…””}”(hj  h²hh³Nh´Nubjä  )”}”(hŒ``status=deallocated``”h]”hŒstatus=deallocated”…””}”(hjJ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jã  hj  ubhŒS).  This can be useful to know that the following logs
will not concern the domain ”…””}”(hj  h²hh³Nh´Nubjä  )”}”(hŒ``1a6fdc66f``”h]”hŒ	1a6fdc66f”…””}”(hj\  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jã  hj  ubhŒQ anymore.  This record also summarize
the number of requests this domain denied (”…””}”(hj  h²hh³Nh´Nubjä  )”}”(hŒ``denials=1``”h]”hŒ	denials=1”…””}”(hjn  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jã  hj  ubhŒ#), whether they were
logged or not.”…””}”(hj  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´K‡hjy  h²hubj  )”}”(hXF  type=LANDLOCK_ACCESS msg=audit(1729738800.268:30): domain=1a6fdc66f blockers=scope.signal opid=1 ocomm="systemd"
type=LANDLOCK_DOMAIN msg=audit(1729738800.268:30): domain=1a6fdc66f status=allocated mode=enforcing pid=286 uid=0 exe="/root/sandboxer" comm="sandboxer"
type=SYSCALL msg=audit(1729738800.268:30): arch=c000003e syscall=62 success=no exit=-1 [..] ppid=272 pid=286 auid=0 uid=0 gid=0 [...] comm="kill" [...]
type=PROCTITLE msg=audit(1729738800.268:30): proctitle=6B696C6C0031
type=LANDLOCK_DOMAIN msg=audit(1729738800.324:31): domain=1a6fdc66f status=deallocated denials=1”h]”hXF  type=LANDLOCK_ACCESS msg=audit(1729738800.268:30): domain=1a6fdc66f blockers=scope.signal opid=1 ocomm="systemd"
type=LANDLOCK_DOMAIN msg=audit(1729738800.268:30): domain=1a6fdc66f status=allocated mode=enforcing pid=286 uid=0 exe="/root/sandboxer" comm="sandboxer"
type=SYSCALL msg=audit(1729738800.268:30): arch=c000003e syscall=62 success=no exit=-1 [..] ppid=272 pid=286 auid=0 uid=0 gid=0 [...] comm="kill" [...]
type=PROCTITLE msg=audit(1729738800.268:30): proctitle=6B696C6C0031
type=LANDLOCK_DOMAIN msg=audit(1729738800.324:31): domain=1a6fdc66f status=deallocated denials=1”…””}”hj†  sbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆŒforce”‰Œlanguage”Œnone”Œhighlight_args”}”uh1j  h³hÇh´Khjy  h²hubj  )”}”(hŒ>Here is another example showcasing filesystem access control::”h]”hŒ=Here is another example showcasing filesystem access control:”…””}”(hj™  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´K—hjy  h²hubj  )”}”(hŒP$ LL_FS_RO=/ LL_FS_RW=/tmp LL_FORCE_LOG=1 ./sandboxer sh -c "echo > /etc/passwd"”h]”hŒP$ LL_FS_RO=/ LL_FS_RW=/tmp LL_FORCE_LOG=1 ./sandboxer sh -c "echo > /etc/passwd"”…””}”hj§  sbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1j  h³hÇh´K™hjy  h²hubj  )”}”(hŒ‚The related audit logs contains 8 records from 3 different events (serials 33,
34 and 35) created by the same domain `1a6fdc679`::”h]”(hŒuThe related audit logs contains 8 records from 3 different events (serials 33,
34 and 35) created by the same domain ”…””}”(hjµ  h²hh³Nh´Nubj‘  )”}”(hŒ`1a6fdc679`”h]”hŒ	1a6fdc679”…””}”(hj½  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hjµ  ubhŒ:”…””}”(hjµ  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´K›hjy  h²hubj  )”}”(hXÿ  type=LANDLOCK_ACCESS msg=audit(1729738800.221:33): domain=1a6fdc679 blockers=fs.write_file path="/dev/tty" dev="devtmpfs" ino=9
type=LANDLOCK_DOMAIN msg=audit(1729738800.221:33): domain=1a6fdc679 status=allocated mode=enforcing pid=289 uid=0 exe="/root/sandboxer" comm="sandboxer"
type=SYSCALL msg=audit(1729738800.221:33): arch=c000003e syscall=257 success=no exit=-13 [...] ppid=272 pid=289 auid=0 uid=0 gid=0 [...] comm="sh" [...]
type=PROCTITLE msg=audit(1729738800.221:33): proctitle=7368002D63006563686F203E202F6574632F706173737764
type=LANDLOCK_ACCESS msg=audit(1729738800.221:34): domain=1a6fdc679 blockers=fs.write_file path="/etc/passwd" dev="vda2" ino=143821
type=SYSCALL msg=audit(1729738800.221:34): arch=c000003e syscall=257 success=no exit=-13 [...] ppid=272 pid=289 auid=0 uid=0 gid=0 [...] comm="sh" [...]
type=PROCTITLE msg=audit(1729738800.221:34): proctitle=7368002D63006563686F203E202F6574632F706173737764
type=LANDLOCK_DOMAIN msg=audit(1729738800.261:35): domain=1a6fdc679 status=deallocated denials=2”h]”hXÿ  type=LANDLOCK_ACCESS msg=audit(1729738800.221:33): domain=1a6fdc679 blockers=fs.write_file path="/dev/tty" dev="devtmpfs" ino=9
type=LANDLOCK_DOMAIN msg=audit(1729738800.221:33): domain=1a6fdc679 status=allocated mode=enforcing pid=289 uid=0 exe="/root/sandboxer" comm="sandboxer"
type=SYSCALL msg=audit(1729738800.221:33): arch=c000003e syscall=257 success=no exit=-13 [...] ppid=272 pid=289 auid=0 uid=0 gid=0 [...] comm="sh" [...]
type=PROCTITLE msg=audit(1729738800.221:33): proctitle=7368002D63006563686F203E202F6574632F706173737764
type=LANDLOCK_ACCESS msg=audit(1729738800.221:34): domain=1a6fdc679 blockers=fs.write_file path="/etc/passwd" dev="vda2" ino=143821
type=SYSCALL msg=audit(1729738800.221:34): arch=c000003e syscall=257 success=no exit=-13 [...] ppid=272 pid=289 auid=0 uid=0 gid=0 [...] comm="sh" [...]
type=PROCTITLE msg=audit(1729738800.221:34): proctitle=7368002D63006563686F203E202F6574632F706173737764
type=LANDLOCK_DOMAIN msg=audit(1729738800.261:35): domain=1a6fdc679 status=deallocated denials=2”…””}”hjÕ  sbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1j  h³hÇh´Kžhjy  h²hubeh}”(h]”Œevent-samples”ah ]”h"]”Œevent samples”ah$]”h&]”uh1hÖhjw  h²hh³hÇh´Kjubh×)”}”(hhh]”(hÜ)”}”(hŒEvent filtering”h]”hŒEvent filtering”…””}”(hjî  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÛhjë  h²hh³hÇh´K©ubj  )”}”(hŒÇIf you get spammed with audit logs related to Landlock, this is either an
attack attempt or a bug in the security policy.  We can put in place some
filters to limit noise with two complementary ways:”h]”hŒÇIf you get spammed with audit logs related to Landlock, this is either an
attack attempt or a bug in the security policy.  We can put in place some
filters to limit noise with two complementary ways:”…””}”(hjü  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´K«hjë  h²hubjv  )”}”(hhh]”(j{  )”}”(hŒOwith sys_landlock_restrict_self()'s flags if we can fix the sandboxed
programs,”h]”j  )”}”(hŒOwith sys_landlock_restrict_self()'s flags if we can fix the sandboxed
programs,”h]”hŒQwith sys_landlock_restrict_self()â€™s flags if we can fix the sandboxed
programs,”…””}”(hj	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´K¯hj	  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jz  hj
	  h²hh³hÇh´Nubj{  )”}”(hŒ2or with audit rules (see :manpage:`auditctl(8)`).
”h]”j  )”}”(hŒ1or with audit rules (see :manpage:`auditctl(8)`).”h]”(hŒor with audit rules (see ”…””}”(hj)	  h²hh³Nh´Nubh Œmanpage”“”)”}”(hŒ:manpage:`auditctl(8)`”h]”hŒauditctl(8)”…””}”(hj3	  h²hh³Nh´Nubah}”(h]”h ]”j1	  ah"]”h$]”h&]”hÅhÆŒpath”Œauditctl(8)”Œpage”Œauditctl”Œsection”Œ8”uh1j1	  hj)	  ubhŒ).”…””}”(hj)	  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´K±hj%	  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jz  hj
	  h²hh³hÇh´Nubeh}”(h]”h ]”h"]”h$]”h&]”j$  j%  uh1ju  h³hÇh´K¯hjë  h²hubeh}”(h]”Œevent-filtering”ah ]”h"]”Œevent filtering”ah$]”h&]”uh1hÖhjw  h²hh³hÇh´K©ubeh}”(h]”Œaudit”ah ]”h"]”Œaudit”ah$]”h&]”uh1hÖhhØh²hh³hÇh´Kubh×)”}”(hhh]”(hÜ)”}”(hŒAdditional documentation”h]”hŒAdditional documentation”…””}”(hjp	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÛhjm	  h²hh³hÇh´K´ubjv  )”}”(hhh]”(j{  )”}”(hŒ`Linux Audit Documentation`_”h]”j  )”}”(hjƒ	  h]”hŒ	reference”“”)”}”(hjƒ	  h]”hŒLinux Audit Documentation”…””}”(hjŠ	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒLinux Audit Documentation”Œrefuri”Œ7https://github.com/linux-audit/audit-documentation/wiki”uh1jˆ	  hj…	  Œresolved”Kubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´K¶hj	  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jz  hj~	  h²hh³hÇh´Nubj{  )”}”(hŒ(Documentation/userspace-api/landlock.rst”h]”j  )”}”(hjª	  h]”hŒ(Documentation/userspace-api/landlock.rst”…””}”(hj¬	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´K·hj¨	  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jz  hj~	  h²hh³hÇh´Nubj{  )”}”(hŒ#Documentation/security/landlock.rst”h]”j  )”}”(hjÁ	  h]”hŒ#Documentation/security/landlock.rst”…””}”(hjÃ	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´K¸hj¿	  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jz  hj~	  h²hh³hÇh´Nubj{  )”}”(hŒhttps://landlock.io
”h]”j  )”}”(hŒhttps://landlock.io”h]”j‰	  )”}”(hjÜ	  h]”hŒhttps://landlock.io”…””}”(hjÞ	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œrefuri”jÜ	  uh1jˆ	  hjÚ	  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´K¹hjÖ	  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jz  hj~	  h²hh³hÇh´Nubeh}”(h]”h ]”h"]”h$]”h&]”j$  Œ*”uh1ju  h³hÇh´K¶hjm	  h²hubh¶)”}”(hŒLinks”h]”hŒLinks”…””}”hjÿ	  sbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1hµhjm	  h²hh³hÇh´K»ubhŒtarget”“”)”}”(hŒY.. _Linux Audit Documentation:
   https://github.com/linux-audit/audit-documentation/wiki”h]”h}”(h]”Œlinux-audit-documentation”ah ]”h"]”Œlinux audit documentation”ah$]”h&]”j™	  jš	  uh1j
  h´K¼hjm	  h²hh³hÇŒ
referenced”Kubeh}”(h]”Œadditional-documentation”ah ]”h"]”Œadditional documentation”ah$]”h&]”uh1hÖhhØh²hh³hÇh´K´ubeh}”(h]”Œlandlock-system-wide-management”ah ]”h"]”Œ landlock: system-wide management”ah$]”h&]”uh1hÖhhh²hh³hÇh´Kubeh}”(h]”h ]”h"]”h$]”h&]”Œsource”hÇuh1hŒcurrent_source”NŒcurrent_line”NŒsettings”Œdocutils.frontend”ŒValues”“”)”}”(hÛNŒ	generator”NŒ	datestamp”NŒsource_link”NŒ
source_url”NŒtoc_backlinks”Œentry”Œfootnote_backlinks”KŒsectnum_xform”KŒstrip_comments”NŒstrip_elements_with_classes”NŒstrip_classes”NŒreport_level”KŒ
halt_level”KŒexit_status_level”KŒdebug”NŒwarning_stream”NŒ	traceback”ˆŒinput_encoding”Œ	utf-8-sig”Œinput_encoding_error_handler”Œstrict”Œoutput_encoding”Œutf-8”Œoutput_encoding_error_handler”jO
  Œerror_encoding”Œutf-8”Œerror_encoding_error_handler”Œbackslashreplace”Œlanguage_code”Œen”Œrecord_dependencies”NŒconfig”NŒ	id_prefix”hŒauto_id_prefix”Œid”Œdump_settings”NŒdump_internals”NŒdump_transforms”NŒdump_pseudo_xml”NŒexpose_internals”NŒstrict_visitor”NŒ_disable_config”NŒ_source”hÇŒ_destination”NŒ_config_files”]”Œ7/var/lib/git/docbuild/linux/Documentation/docutils.conf”aŒfile_insertion_enabled”ˆŒraw_enabled”KŒline_length_limit”M'Œpep_references”NŒpep_base_url”Œhttps://peps.python.org/”Œpep_file_url_template”Œpep-%04d”Œrfc_references”NŒrfc_base_url”Œ&https://datatracker.ietf.org/doc/html/”Œ	tab_width”KŒtrim_footnote_reference_space”‰Œsyntax_highlight”Œlong”Œsmart_quotes”ˆŒsmartquotes_locales”]”Œcharacter_level_inline_markup”‰Œdoctitle_xform”‰Œdocinfo_xform”KŒsectsubtitle_xform”‰Œimage_loading”Œlink”Œembed_stylesheet”‰Œcloak_email_addresses”ˆŒsection_self_link”‰Œenv”NubŒreporter”NŒindirect_targets”]”Œsubstitution_defs”}”Œsubstitution_names”}”Œrefnames”}”Œlinux audit documentation”]”jŠ	  asŒrefids”}”Œnameids”}”(j)
  j&
  jj	  jg	  jv  js  jè  jå  jb	  j_	  j!
  j
  j
  j
  uŒ	nametypes”}”(j)
  ‰jj	  ‰jv  ‰jè  ‰jb	  ‰j!
  ‰j
  ˆuh}”(j&
  hØjg	  jw  js  jª  jå  jy  j_	  jë  j
  jm	  j
  j
  uŒfootnote_refs”}”Œcitation_refs”}”Œautofootnotes”]”Œautofootnote_refs”]”Œsymbol_footnotes”]”Œsymbol_footnote_refs”]”Œ	footnotes”]”Œ	citations”]”Œautofootnote_start”KŒsymbol_footnote_start”K Œ
id_counter”Œcollections”ŒCounter”“”}”…”R”Œparse_messages”]”Œtransform_messages”]”Œtransformer”NŒinclude_log”]”Œ
decoration”Nh²hub.