[compiler-rt] [sanitizer] Disable writes to log files for binaries in a secure context. (PR #92593)
via llvm-commits
llvm-commits at lists.llvm.org
Fri Jun 7 12:33:19 PDT 2024
bigb4ng wrote:
> The way `AT_SECURE` interacts with SELinux is as follows: if a binary call results in a domain transition, it is considered `AT_SECURE` because it runs with _different permissions from the caller_.
Just to clarify, the issue I described is for alternative drop-privilege solution I described. SELinux use-cases will indeed be patched by the current version of the PR.
https://github.com/llvm/llvm-project/pull/92593
More information about the llvm-commits
mailing list