Landlock news #5
Here is the fifth Landlock newsletter!
TL;DR: Check your sandboxed programs with Linux 6.15, review the audit logs, and update the sandbox policy if you see any Landlock events.
Kernel features
Restricting signals and abstract UNIX sockets
Linux 6.12 (Landlock ABI 6) introduces IPC scoping with a new ruleset “scoped” field, thanks to Tahera Fahimi. This field accepts a set of flags: LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET denies connections to abstract UNIX sockets created outside the current scoped domain, and LANDLOCK_SCOPE_SIGNAL denies sending signals to processes outside the current scoped domain.
These restrictions also apply to nested domains according to their scope. Both features were requested to help isolate untrusted processes: a sandboxed process that gets compromised can no longer signal, or connect to the abstract UNIX sockets of, processes outside its domain. These changes will also be useful for supporting other kinds of IPC isolation.
Audit logging for denied access requests
Linux 6.15 (Landlock ABI 7) adds the ability to log denied requests with audit. This provides visibility into why access requests are denied, including the origin of the security policy, missing access rights, and object descriptions.
The logging system is designed to minimize log spam while still alerting about unexpected blocked access. Being able to see what is denied, and more importantly why, is a crucial feature for any security mechanism. By default, denials are logged for the executable that restricted itself, since it knows its own policy and an unexpected denial there may be an attack, but not for programs executed afterwards, which are usually unaware they are sandboxed and would only produce noise. Tailored sandboxing can adjust this behavior with the three new landlock_restrict_self(2) flags, LANDLOCK_RESTRICT_SELF_LOG_SAME_EXEC_OFF, LANDLOCK_RESTRICT_SELF_LOG_NEW_EXEC_ON and LANDLOCK_RESTRICT_SELF_LOG_SUBDOMAINS_OFF, though this should not be necessary in most cases.
This new Landlock capability is the most significant change since Landlock was merged into mainline: +46% SLOC for the kernel and +23% SLOC for kselftests. See sysadmin and user space documentation.
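The IPC scoping field from the previous section and the new landlock_restrict_self(2) log flags, put together in an added example that is not code from the newsletter or from the Landlock project: a C program that sandboxes itself with the raw syscalls, gates each feature on the probed ABI version (so it also runs on kernels older than 6.12 or 6.15, just without that feature), and keeps the default audit behavior except for also logging denials after execve. The function names (apply_sandbox, fs_access_for_abi, ...), the local ll_ruleset_attr mirror of the UAPI struct and the choice of /usr as the read-only tree are this example's own.

```c
/* Added example, not code from the newsletter or the Landlock project: a program that
 * sandboxes itself, scopes signals and abstract UNIX sockets when the kernel has ABI 6,
 * and turns on post-execve audit logging when it has ABI 7.  Raw syscalls avoid any
 * dependency on libc wrappers; the constants defined below mirror <linux/landlock.h>. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <linux/landlock.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>
#ifndef __NR_landlock_create_ruleset /* same numbers on every architecture */
#  define __NR_landlock_create_ruleset 444
#  define __NR_landlock_add_rule 445
#  define __NR_landlock_restrict_self 446
#endif
#ifndef LANDLOCK_SCOPE_SIGNAL /* ABI 6 */
#  define LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET (1ULL << 0)
#  define LANDLOCK_SCOPE_SIGNAL (1ULL << 1)
#endif
#ifndef LANDLOCK_RESTRICT_SELF_LOG_NEW_EXEC_ON /* ABI 7 */
#  define LANDLOCK_RESTRICT_SELF_LOG_NEW_EXEC_ON (1U << 1)
#endif

/* Mirror of struct landlock_ruleset_attr as of ABI 6, so that "scoped" exists even with an
 * older header.  The kernel accepts a bigger struct than it knows if the extra fields are 0. */
struct ll_ruleset_attr {
	__u64 handled_access_fs;
	__u64 handled_access_net; /* ABI 4; left at 0 here, so TCP is not restricted */
	__u64 scoped;             /* ABI 6 */
};

/* Highest ABI of the running kernel, or -errno (ENOSYS: not built in, EOPNOTSUPP: booted off). */
static int landlock_abi_version(void)
{
	long v = syscall(__NR_landlock_create_ruleset, NULL, 0, LANDLOCK_CREATE_RULESET_VERSION);
	return v < 0 ? -errno : (int)v;
}

/* Best-effort gating: handle every right the kernel implements, never one it would reject
 * with EINVAL.  ABI 1 has 13 filesystem rights (EXECUTE to MAKE_SYM); later ABIs added
 * REFER (bit 13, ABI 2), TRUNCATE (bit 14, ABI 3) and IOCTL_DEV (bit 15, ABI 5). */
static __u64 fs_access_for_abi(int abi)
{
	__u64 mask = 0x1fffULL;
	if (abi >= 2) mask |= 1ULL << 13;
	if (abi >= 3) mask |= 1ULL << 14;
	if (abi >= 5) mask |= 1ULL << 15;
	return mask;
}
static __u64 scoped_for_abi(int abi)
{
	return abi >= 6 ? LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET | LANDLOCK_SCOPE_SIGNAL : 0;
}
/* landlock_restrict_self(2) rejects any flag before ABI 7.  By default, denials hit by this
 * executable are logged and those hit after execve are not; NEW_EXEC_ON logs both. */
static __u32 log_flags_for_abi(int abi, int log_after_exec)
{
	return abi >= 7 && log_after_exec ? LANDLOCK_RESTRICT_SELF_LOG_NEW_EXEC_ON : 0;
}

/* Restrict the calling thread to read/execute under ro_dir and, on ABI >= 6, to signals
 * and abstract-socket connections within the new domain only.  Returns 0 or -errno. */
static int apply_sandbox(const char *ro_dir, int log_after_exec)
{
	int abi = landlock_abi_version(), err = 0;
	if (abi < 0)
		return abi;
	struct ll_ruleset_attr attr = { fs_access_for_abi(abi), 0, scoped_for_abi(abi) };
	int ruleset_fd = (int)syscall(__NR_landlock_create_ruleset, &attr, sizeof(attr), 0);
	if (ruleset_fd < 0)
		return -errno;
	struct landlock_path_beneath_attr rule = {
		.allowed_access = LANDLOCK_ACCESS_FS_EXECUTE | LANDLOCK_ACCESS_FS_READ_FILE |
				  LANDLOCK_ACCESS_FS_READ_DIR,
		.parent_fd = open(ro_dir, O_PATH | O_CLOEXEC),
	};
	if (rule.parent_fd < 0 ||
	    syscall(__NR_landlock_add_rule, ruleset_fd, LANDLOCK_RULE_PATH_BENEATH, &rule, 0) ||
	    prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) || /* mandatory before restrict_self */
	    syscall(__NR_landlock_restrict_self, ruleset_fd, log_flags_for_abi(abi, log_after_exec)))
		err = -errno;
	if (rule.parent_fd >= 0)
		close(rule.parent_fd);
	close(ruleset_fd);
	return err;
}

int main(void)
{
	int err = apply_sandbox("/usr", 1);
	if (err) { errno = -err; perror("sandboxing failed"); return 1; }
	/* Outside /usr is now unreadable: EACCES here, and logged by audit on ABI >= 7. */
	if (open("/etc/hostname", O_RDONLY | O_CLOEXEC) < 0)
		perror("open(/etc/hostname), expected");
	return 0;
}
```

On a 6.12 or newer kernel, a kill(2) sent from inside this sandbox to an unrelated process is denied, and on 6.15 with the audit subsystem enabled the failed open() of /etc/hostname appears in the audit log together with the blocking domain and the missing access right. Passing sizeof(attr) with the trailing fields zeroed is what lets the same binary run on a pre-6.12 kernel: Landlock only rejects a larger struct when the bytes it does not understand are non-zero.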
Kernel fixes
All stable kernels supporting Landlock now also provide a new interface to probe for user-visible fixes: landlock_create_ruleset(2) called with the LANDLOCK_CREATE_RULESET_ERRATA flag returns a bitmask of the errata fixed by the running kernel. This may be required by some Landlock libraries to safely expose more Landlock features on up-to-date kernels. This improvement in the quality of the Landlock specification should not be noticed by most users.
The first issue fixed by an erratum is related to TCP socket identification. Mikhail Ivanov fixed an issue where IPv4 and IPv6 stream sockets other than TCP (e.g., SMC, MPTCP, or SCTP) were incorrectly restricted by TCP access rights during bind(2) and connect(2) operations. This change ensures that only TCP sockets are subject to TCP access rights, allowing other protocols to operate without unnecessary restrictions.
The second erratum is related to scoped signal handling. This fix addresses an issue where signal scoping was overly restrictive, preventing sandboxed threads from signaling other threads within the same process if they belonged to different domains. Because threads are not security boundaries, user space might assume that all threads within the same process can send signals between themselves (see nptl(7) and libpsx(3)). Consistent with ptrace(2) behavior, direct interaction between threads of the same process should always be allowed. This change ensures that any thread is allowed to send signals to any other thread within the same process, regardless of their domain.
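How a library can probe the errata interface described above and decide which features to expose, as an added example that is not the newsletter's code nor that of the Rust or Go libraries. The erratum numbers are those of the Landlock documentation; the two "usable" policies at the end are this example's own illustration of what a best-effort library might do, and every function name is hypothetical.

```c
/* Added example, not code from the newsletter or the Landlock project: probing the errata
 * bitmask with landlock_create_ruleset(2) and gating features on it.  Erratum numbers are
 * those of the Landlock documentation; the two "usable" policies are this example's own
 * illustration of what a best-effort library might do, not what the Rust or Go ones do. */
#define _GNU_SOURCE
#include <errno.h>
#include <linux/landlock.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>
#ifndef __NR_landlock_create_ruleset
#  define __NR_landlock_create_ruleset 444
#endif
#ifndef LANDLOCK_CREATE_RULESET_ERRATA /* value from newer <linux/landlock.h> */
#  define LANDLOCK_CREATE_RULESET_ERRATA (1U << 1)
#endif

enum {
	LL_ERRATUM_TCP_SOCKET_IDENTIFICATION = 1, /* TCP rules no longer hit SMC/MPTCP/SCTP */
	LL_ERRATUM_SCOPED_SIGNAL_THREADS = 2,     /* threads of one process may always signal */
};

/* Bitmask of fixed errata (bit n-1 set when erratum n is fixed), or -errno.  A kernel with
 * Landlock but without the errata interface answers EINVAL; this example maps that to
 * "nothing fixed", since such a kernel has neither fix. */
static long landlock_errata(void)
{
	long mask = syscall(__NR_landlock_create_ruleset, NULL, 0, LANDLOCK_CREATE_RULESET_ERRATA);
	if (mask >= 0)
		return mask;
	return errno == EINVAL ? 0 : -errno;
}

static int erratum_fixed(long errata, unsigned int n)
{
	return n >= 1 && n <= 63 && ((errata >> (n - 1)) & 1);
}

/* Illustrative gating: only hand out TCP rules when they really apply to TCP alone, and only
 * scope signals when that cannot break signalling between threads of the sandboxed process. */
static int tcp_rules_usable(int abi, long errata)
{
	return abi >= 4 && erratum_fixed(errata, LL_ERRATUM_TCP_SOCKET_IDENTIFICATION);
}
static int signal_scoping_usable(int abi, long errata)
{
	return abi >= 6 && erratum_fixed(errata, LL_ERRATUM_SCOPED_SIGNAL_THREADS);
}

int main(void)
{
	long abi = syscall(__NR_landlock_create_ruleset, NULL, 0, LANDLOCK_CREATE_RULESET_VERSION);
	long errata = landlock_errata();
	if (abi < 0 || errata < 0) {
		perror("landlock_create_ruleset"); /* errno comes from the failing probe */
		return 1;
	}
	printf("ABI %ld, errata 0x%lx: TCP rules %s, signal scoping %s\n", abi, errata,
	       tcp_rules_usable((int)abi, errata) ? "usable" : "held back",
	       signal_scoping_usable((int)abi, errata) ? "usable" : "held back");
	return 0;
}
```

The ABI version alone is not enough for these decisions: a distribution kernel can carry ABI 4 or 6 while still lacking the corresponding fix, which is exactly the situation the errata bitmask was added to make visible.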
Landlock libraries
The Landlock crate and Go library have been updated, bringing support for the latest Landlock features, improved documentation, and better tests.
Go-Landlock is now packaged in Debian.
Please update your dependencies and use the latest Landlock ABI version for improved sandboxing.
Landlock logo
Landlock now has a logo! Guess what it means. ;) Feel free to use it to illustrate Landlock.
Talks and articles
Günther Noack gave a talk at the Linux Security Summit Europe titled “Update On Landlock IOCTL Support”. He explains how Landlock works and why it was designed this way. He then discusses the challenges of implementing a useful and practical IOCTL control, and finally introduces ongoing work to improve Landlock.
I gave a talk at the Open Source Summit Europe on “Linux Sandboxing with Landlock”. This was an introduction to Landlock, including why and how it should be used to secure user environments.
Tahera Fahimi participated in a panel discussion at the Open Source Summit Europe, where she talked about her Outreachy internship working on Landlock.
I also gave a talk at FOSDEM about Sandbox IDs with Landlock. This talk explains the properties of Landlock IDs, how they are used in audit, and how they could be used to identify a set of processes, such as a container.
I updated the Landlock workshop to demonstrate sandboxing with ImageMagick.
I was invited to present Landlock at the Compartmentalization Community meeting (see the Eval & Benchmarking meeting of 2025-04-24).
An interesting article about sandboxing was published on the Emilua (Lua runtime) blog.
Rémi Gacogne will give a talk at Pass the Salt about sandboxing Pacman.
Documentation and examples
Günther Noack is writing documentation with use cases for Landlock. We’ll move this documentation to the official website when ready but in the meantime it’s worth a read! Examples are also available.
New Linux distributions support
GNOME OS’s kernel has Landlock enabled by default (it’s been a while, but we missed it).
Flatcar’s kernel has had Landlock enabled by default since last year.
Red Hat Enterprise Linux 9.6.0 (RHEL) has enabled Landlock by default and also backported features up to Landlock ABI 5, thanks to Ryan Sullivan and Red Hat reviewers. It is available since kernel-5.14.0-568.el9. CentOS Stream, Rocky Linux, and other RHEL alternatives should also gain the same support.
New Landlock user space support
GNOME’s tracker-extract is now sandboxed with Landlock (it’s been a while, but it wasn’t mentioned in a previous newsletter). Support was merged in GNOME 46. There were some interesting compatibility issues that have since been fixed. All these issues can be avoided by using a Landlock library with best-effort support (Rust or Go for now).
HashiCorp’s Nomad can now run sandboxed processes with Landlock.
Unblob 24.12.4 has gained support for Landlock.
dosemu2 has gained support for Landlock.
wireproxy 1.0.8 has gained support for Landlock.
Landrun is a new sandboxing tool leveraging Landlock. See Hacker News coverage.
Ongoing work
Ongoing kernel work can be tracked here.
It would be good to have guidelines to help developers sandbox their applications. OpenSSF Working Groups could be a good place for that. Any help would be appreciated.
We are working on a Landlock configuration format to empower all Linux users to sandbox their applications with Landlock. A new library and tool will make this format easy to use.
Thanks to all contributors!
Regards, Mickaël