Landlock: Unprivileged Sandboxing
The goal of Landlock is to enable restricting ambient rights (e.g. global filesystem access) for a set of processes. Because Landlock is a stackable LSM, it makes it possible to create safe security sandboxes as new security layers in addition to the existing system-wide access controls. This kind of sandbox is expected to help mitigate the security impact of bugs or unexpected/malicious behaviors in user space applications. Landlock empowers any process, including unprivileged ones, to securely restrict itself.
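As an added example (not code from the Landlock project), the following C shows the self-restriction the paragraph describes: an unprivileged process confines itself to read-only access beneath one directory, probing the kernel's Landlock ABI version first so that access rights the running kernel does not know are dropped rather than causing the sandbox to fail. The `LL_*` macros and `ll_*` structs are local aliases for the values in the Landlock UAPI header, redefined here so the block also builds where that header is missing; the raw syscall numbers 444/445/446 are Landlock's architecture-independent numbers.

```c
/* Added example: a process restricting itself with Landlock. Not project code. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdint.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Local aliases for <linux/landlock.h> values (same bit positions and layout). */
#define LL_FS_READ_FILE  (1ULL << 2)
#define LL_FS_READ_DIR   (1ULL << 3)
#define LL_FS_REFER      (1ULL << 13)   /* added in ABI 2 */
#define LL_FS_TRUNCATE   (1ULL << 14)   /* added in ABI 3 */
#define LL_FS_IOCTL_DEV  (1ULL << 15)   /* added in ABI 5 */
#define LL_ALL_FS_ABI1   ((1ULL << 13) - 1)   /* the 13 rights known to ABI 1 */
#define LL_CREATE_RULESET_VERSION (1U << 0)
#define LL_RULE_PATH_BENEATH 1
struct ll_ruleset_attr { uint64_t handled_access_fs; };
struct ll_path_beneath_attr { uint64_t allowed_access; int32_t parent_fd; } __attribute__((packed));

/* Rights the kernel must handle (i.e. deny by default) for a given ABI version.
 * Passing a right an older kernel does not know yields EINVAL, so best-effort
 * sandboxing means handling only what this kernel supports. */
uint64_t handled_fs_for_abi(int abi) {
    uint64_t m = LL_ALL_FS_ABI1;
    if (abi >= 2) m |= LL_FS_REFER;
    if (abi >= 3) m |= LL_FS_TRUNCATE;
    if (abi >= 5) m |= LL_FS_IOCTL_DEV;
    return m;
}

/* Confine the calling process to read-only access beneath `dir`.
 * Returns 0 on success, -1 if Landlock is unavailable or a step failed. */
int restrict_to_readonly(const char *dir) {
    long abi = syscall(444, NULL, 0, LL_CREATE_RULESET_VERSION); /* 444: landlock_create_ruleset */
    if (abi < 1) return -1;                       /* ENOSYS/EOPNOTSUPP: no Landlock here */
    struct ll_ruleset_attr attr = { .handled_access_fs = handled_fs_for_abi((int)abi) };
    int rs = (int)syscall(444, &attr, sizeof attr, 0);
    if (rs < 0) return -1;
    struct ll_path_beneath_attr pb = { .allowed_access = LL_FS_READ_FILE | LL_FS_READ_DIR,
                                       .parent_fd = open(dir, O_PATH | O_CLOEXEC) };
    if (pb.parent_fd < 0 || syscall(445, rs, LL_RULE_PATH_BENEATH, &pb, 0) < 0) { /* 445: add_rule */
        close(rs); return -1;
    }
    close(pb.parent_fd);
    /* no_new_privs is mandatory for unprivileged callers: it stops setuid/setcap
     * binaries from running with more rights than the sandboxed parent. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0 || syscall(446, rs, 0) < 0) { /* 446: restrict_self */
        close(rs); return -1;
    }
    close(rs);
    return 0;
}
```

After `restrict_to_readonly("/usr")` succeeds, the process (and any children it later spawns) can still read below `/usr`, while opening anything outside it, or opening anything for writing, fails with EACCES.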
Resources
Main resources are available through the left panel.
Additional resources:
Contribute
Kernel development happens on the Linux Security Modules mailing list by submitting patches.
User space news is on the Landlock mailing list. You can subscribe and post with any email client.