mainline inclusion
from mainline-v5.13-rc1
commit ba84b0bf
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I6DJU0
CVE: NA

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ba84b0bf5a164f0f523656c1e37568c30f3f3303

--------------------------------

Add a basic sandbox tool to launch a command which can only access a
list of file hierarchies in a read-only or read-write way.

Cc: James Morris <jmorris@namei.org>
Cc: Serge E. Hallyn <serge@hallyn.com>
Signed-off-by: NMickaël Salaün <mic@linux.microsoft.com>
Reviewed-by: NJann Horn <jannh@google.com>
Reviewed-by: NKees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20210422154123.13086-12-mic@digikod.netSigned-off-by: NJames Morris <jamorris@linux.microsoft.com>
Signed-off-by: NYi Yang <yiyang13@huawei.com>