Landlock: unprivileged access control

The goal of Landlock is to enable to restrict ambient rights (e.g. global filesystem access) for a set of processes. Because Landlock is a stackable LSM, it makes possible to create safe security sandboxes as new security layers in addition to the existing system-wide access-controls. This kind of sandbox is expected to help mitigate the security impact of bugs or unexpected/malicious behaviors in user space applications. Landlock empowers any process, including unprivileged ones, to securely restrict themselves.

Mailing list dedicated to user space development involving Landlock: subscription, posting and archives.

News

Newsletter (2021-09-01) - Landlock news #1
LWN article (2021-06-17) - Landlock (finally) sets sail

Conferences

Open Source Summit (2021-09-28) - Sandboxing Applications with Landlock – slides and recording
Linux Security Summit (2021-09-29) - Deep Dive into Landlock Internals – slides and recording

Roadmap (kernel-side)

Short term:

improve kernel performance for the current features;
add the ability to change the parent directory of files (see current Landlock limitations).

Medium term:

add audit features to ease debugging;
extend filesystem access-control types to address the current limitations;
add the ability to follow a deny listing approach, which is required for some use cases.

Long term: