Landlock: unprivileged access-control

The goal of Landlock is to enable to restrict ambient rights (e.g. global filesystem access) for a set of processes. Because Landlock is a stackable LSM, it makes possible to create safe security sandboxes as new security layers in addition to the existing system-wide access-controls. This kind of sandbox is expected to help mitigate the security impact of bugs or unexpected/malicious behaviors in user-space applications. Landlock empower any process, including unprivileged ones, to securely restrict themselves.

[PATCH v15]

Landlock LSM

LKML code sandbox manager example tests documentation

[PATCH v14]

Landlock LSM

LKML code sandbox manager example tests documentation

[PATCH v13]

Landlock LSM

LKML code ptrace tests documentation

[PATCH v12]

Landlock LSM

LKML code ptrace tests documentation

[PATCH v11]

Landlock LSM

LKML code ptrace tests documentation

Summary 2019

Landlock: a new kind of Linux Security Module leveraging eBPF

Slides

[PATCH v10]

Landlock LSM: toward unprivileged sandboxing

LKML code program example documentation

[PATCH v9]

Landlock LSM: toward unprivileged sandboxing

LKML code program example documentation

Linux Security Summit 2018

How to safely restrict access to files in a programmatic way with Landlock?

Abstract Slides Demo video #1 (web server) Demo video #2 (dynamic map update) Demo code

Pass the SALT 2018

Internals of Landlock: a new kind of Linux Security Module leveraging eBPF

Abstract and video Slides Demo video #1 (web server) Demo video #2 (dynamic map update) Demo code

[PATCH v8]

Landlock LSM: toward unprivileged sandboxing

LKML code program example documentation

FOSDEM 2018

File access-control per container with Landlock

Abstract and video Slides Demo video Demo code

Linux Security Summit 2017

Landlock LSM: toward unprivileged sandboxing

Slides Demo #1 Demo #2

[PATCH v7]

Landlock LSM: toward unprivileged sandboxing

LKML code rule example documentation