Landlock: unprivileged access control

The goal of Landlock is to enable to restrict ambient rights (e.g. global filesystem access) for a set of processes. Because Landlock is a stackable LSM, it makes possible to create safe security sandboxes as new security layers in addition to the existing system-wide access-controls. This kind of sandbox is expected to help mitigate the security impact of bugs or unexpected/malicious behaviors in user space applications. Landlock empowers any process, including unprivileged ones, to securely restrict themselves.

Mailing list dedicated to user space development involving Landlock: subscription, posting and archives.

Landlock documentationcodesandbox manager exampletestssyzkaller coverage

Landlock overviewLandlock workshop



Roadmap (kernel-side)

Short term:
  • add audit features to ease debugging;

  • add minimal network access-control types;

  • add minimal process signaling access-control types;

  • improve kernel performance for the current features;

Medium term:
  • extend filesystem access-control types to address the current limitations;

  • add the ability to follow a deny listing approach, which is required for some use cases.

  • extend network access-control types;

Long term:
  • add the ability to create (file descriptor) capabilities compatible with Capsicum.

p7zip – Landlock support (WIP)

Add sandboxing with Landlock #184

GNU Tar – [PATCH v1] Landlock support




Landlock is not based on eBPF anymore. These talks are outdated but kept for reference.

Summary 2019 – Landlock: a new kind of Linux Security Module leveraging eBPF


Linux Security Summit 2018 – How to safely restrict access to files in a programmatic way with Landlock?

AbstractSlidesDemo video #1 (web server)Demo video #2 (dynamic map update)Demo code

Pass the SALT 2018 – Internals of Landlock: a new kind of Linux Security Module leveraging eBPF

Abstract and videoSlidesDemo video #1 (web server)Demo video #2 (dynamic map update)Demo code

FOSDEM 2018 – File access-control per container with Landlock

Abstract and videoSlidesDemo videoDemo code

Linux Security Summit 2017 – Landlock LSM: toward unprivileged sandboxing

SlidesDemo #1Demo #2