Still In Development, Landlock Aims To Yield Powerful Security Sandboxes For Linux

  • Still In Development, Landlock Aims To Yield Powerful Security Sandboxes For Linux

    Phoronix: Still In Development, Landlock Aims To Yield Powerful Security Sandboxes For Linux

    The Landlock Linux Security Module (LSM) continues to be in development and has now been revised for its seventh time. The last time we wrote about this LSM was last September while over the weekend the newest patches have surfaced...

    http://www.phoronix.com/scan.php?pag...k-LSM-v7-Linux

  • #2
    I had to search what eBPF means, I think it's extended Berkeley Packet Filter. If everyone else knew that already, then sorry for my ignorance.

    So really the big innovation here is to let non-root users set up application sandboxes? I thought Snappy, Flatpak, AppImage, etc... facilitated that? Or do you still need root to install all of them?


    • #3
      I hope it takes less time to study compared to SELinux/AppArmor (from a user's perspective).


      • #4
        Originally posted by Michael_S:
        I had to search what eBPF means, I think it's extended Berkeley Packet Filter. If everyone else knew that already, then sorry for my ignorance.

        So really the big innovation here is to let non-root users set up application sandboxes? I thought Snappy, Flatpak, AppImage, etc... facilitated that? Or do you still need root to install all of them?
        Neither Flatpak, nor Snappy, nor AppImage let non-root users set up sandboxes.
        That's done by an SUID helper. Usually Bubblewrap (Flatpak and Snappy both use that one), in the case of AppImage Bubblewrap or Firejail.


        • #5
          Originally posted by unixfan2001:

          Neither Flatpak, nor Snappy, nor AppImage let non-root users set up sandboxes.
          That's done by an SUID helper. Usually Bubblewrap (Flatpak and Snappy both use that one), in the case of AppImage Bubblewrap or Firejail.
          Thanks. I didn't know.
