Landlock: unprivileged access control

The goal of Landlock is to enable to restrict ambient rights (e.g. global filesystem access) for a set of processes. Because Landlock is a stackable LSM, it makes possible to create safe security sandboxes as new security layers in addition to the existing system-wide access-controls. This kind of sandbox is expected to help mitigate the security impact of bugs or unexpected/malicious behaviors in user space applications. Landlock empowers any process, including unprivileged ones, to securely restrict themselves.

Mailing list dedicated to user space development involving Landlock: subscription, posting and archives.

Landlock documentationLandlock articlekernel codesandbox manager examplekernel testssyzkaller coverage



Roadmap (kernel-side)

See Landlock tasks on GitHub.

Kernel development still happens on the related mailing lists though.



Landlock is not based on eBPF anymore. These talks are outdated but kept for reference.

Summary 2019 – Landlock: a new kind of Linux Security Module leveraging eBPF


Linux Security Summit 2018 – How to safely restrict access to files in a programmatic way with Landlock?

AbstractSlidesDemo video #1 (web server)Demo video #2 (dynamic map update)Demo code

Pass the SALT 2018 – Internals of Landlock: a new kind of Linux Security Module leveraging eBPF

Abstract and videoSlidesDemo video #1 (web server)Demo video #2 (dynamic map update)Demo code

FOSDEM 2018 – File access-control per container with Landlock

Abstract and videoSlidesDemo videoDemo code

Linux Security Summit 2017 – Landlock LSM: toward unprivileged sandboxing

SlidesDemo #1Demo #2