Landlock: Unprivileged Sandboxing

The goal of Landlock is to enable restricting ambient rights (e.g. global filesystem access) for a set of processes. Because Landlock is a stackable LSM, it makes it possible to create safe security sandboxes as new security layers in addition to the existing system-wide access controls. This kind of sandbox is expected to help mitigate the security impact of bugs or unexpected/malicious behaviors in user space applications. Landlock empowers any process, including unprivileged ones, to securely restrict themselves.

Resources

Main resources are available through the left panel.

Additional resources:

• Article Landlock: From a security mechanism idea to a widely available implementation

• Sandbox manager example (in C)

• Kernel code

• Tests and syzkaller coverage

• Landlock logo

Contribute

Kernel development happens on the Linux Security Modules mailing list by submitting patches.

User space news is on the Landlock mailing list. You can subscribe and post with any email client.