Landlock: unprivileged access control¶

The goal of Landlock is to enable to restrict ambient rights (e.g. global filesystem access) for a set of processes. Because Landlock is a stackable LSM, it makes possible to create safe security sandboxes as new security layers in addition to the existing system-wide access-controls. This kind of sandbox is expected to help mitigate the security impact of bugs or unexpected/malicious behaviors in user space applications. Landlock empowers any process, including unprivileged ones, to securely restrict themselves.

Mailing list dedicated to user space development involving Landlock: subscription, posting and archives.

[PATCH v34] – Landlock LSM¶

Note

Merged in mainline: will be available in Linux 5.13!

LKML – code – sandbox manager example – tests – documentation – LCOV coverage – syzkaller coverage

GNU Tar – [PATCH v1] Landlock support¶

patch – code

External links¶

Twitter – GitHub

Archives¶

Warning

Landlock is not based on eBPF anymore. These talks are outdated but kept for reference.

Summary 2019 – Landlock: a new kind of Linux Security Module leveraging eBPF¶

Slides

Linux Security Summit 2018 – How to safely restrict access to files in a programmatic way with Landlock?¶

Abstract – Slides – Demo video #1 (web server) – Demo video #2 (dynamic map update) – Demo code

Pass the SALT 2018 – Internals of Landlock: a new kind of Linux Security Module leveraging eBPF¶

Abstract and video – Slides – Demo video #1 (web server) – Demo video #2 (dynamic map update) – Demo code

FOSDEM 2018 – File access-control per container with Landlock¶

Abstract and video – Slides – Demo video – Demo code

Linux Security Summit 2017 – Landlock LSM: toward unprivileged sandboxing¶

Slides – Demo #1 – Demo #2