Landlock: unprivileged access control
The goal of Landlock is to enable restricting ambient rights (e.g. global filesystem access) for a set of processes. Because Landlock is a stackable LSM, it makes it possible to create safe security sandboxes as new security layers in addition to the existing system-wide access controls. This kind of sandbox is expected to help mitigate the security impact of bugs or unexpected/malicious behaviors in user space applications. Landlock empowers any process, including unprivileged ones, to securely restrict itself.
Mailing list dedicated to user space development involving Landlock: subscription, posting and archives.
Landlock documentation – Landlock article – kernel code – sandbox manager example – kernel tests – syzkaller coverage
News
Newsletter (2024-07-16) - Landlock news #4
Linux 6.9 (2024-05-12) - Add support for KUnit and extend documentation
Linux 6.7 (2024-01-27) - New LANDLOCK_ACCESS_NET_BIND_TCP and LANDLOCK_ACCESS_NET_CONNECT_TCP
Linux 6.5 (2023-08-27) - Add support to the UML architecture
Newsletter (2023-03-22) - Landlock news #3
Linux 6.2 (2023-02-19) - New LANDLOCK_ACCESS_FS_TRUNCATE
Newsletter (2022-08-17) - Landlock news #2
Linux 5.19 (2022-07-31) - New LANDLOCK_ACCESS_FS_REFER, improved documentation and 16 layers limit
Newsletter (2021-09-01) - Landlock news #1
Linux 5.13 (2021-06-27) - Initial Landlock version
LWN article (2021-06-17) - Landlock (finally) sets sail
Conferences
Pass the Salt (2024-07-03) - Landlock workshop: Linux sandboxing in practice – slides
SSTIC (2024-06-06) - Landlock: From a security mechanism idea to a widely available implementation – article and slides
Class and workshop (2024-01-22) - Landlock overview and Landlock workshop
Kernel Recipes (2023-09-25) - Update on Landlock: Audit, Debugging and Metrics – slides
Linux Security Summit Europe (2023-09-21) - Landlock Workshop: Sandboxing Application for Fun and Protection – slides
Linux Security Summit Europe (2023-09-21) - Update on Landlock: Audit, Debugging and Metrics – slides
FOSDEM (2023-02-04) - Backward and forward compatibility for security features (illustrated with Landlock) – slides
Netdev 0x16 (2022-10-24) - How to sandbox a network application with Landlock – slides and tutorial files
Pass the Salt (2022-07-04) - Sandboxing your application with Landlock, illustration with the p7zip case – slides and recording
Linux Security Summit North America (2022-06-24) - Update on Landlock: Lifting the File Reparenting Limits and Supporting Network Rules – slides and recording
Linux Security Summit (2021-09-29) - Deep Dive into Landlock Internals – slides and recording
Open Source Summit (2021-09-28) - Sandboxing Applications with Landlock – slides and recording
Roadmap (kernel-side)
Kernel development still happens on the related mailing lists though.
External links
Archives
Warning
Landlock is not based on eBPF anymore. These talks are outdated but kept for reference.
Summary 2019 – Landlock: a new kind of Linux Security Module leveraging eBPF
Linux Security Summit 2018 – How to safely restrict access to files in a programmatic way with Landlock?
Abstract – Slides – Demo video #1 (web server) – Demo video #2 (dynamic map update) – Demo code
Pass the SALT 2018 – Internals of Landlock: a new kind of Linux Security Module leveraging eBPF
Abstract and video – Slides – Demo video #1 (web server) – Demo video #2 (dynamic map update) – Demo code