Landlock Security Module Adds File Truncation Support With Linux 6.2

Written by Michael Larabel in Linux Security on 18 December 2022 at 06:16 AM EST.
Landlock, which enables unprivileged application sandboxing, was merged back in Linux 5.13 last year. It allows restricting ambient rights for a set of processes and is implemented as a stackable Linux security module (LSM) for establishing safe security sandboxes. With Linux 6.2, Landlock gains file truncation support.

Landlock developers are working toward more complete coverage of the file-system operations that this LSM can restrict. As part of that effort, file truncation support is ready for this kernel cycle. This rounds out the coverage of operations that modify file contents, so with Linux 6.2 it should be possible to prevent direct modification of file contents with Landlock.

The new LANDLOCK_ACCESS_FS_TRUNCATE flag covers the truncate and ftruncate system calls, the open call with the truncate flag (O_TRUNC), and the creat() call where existing files are being overwritten.
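The four call paths listed above can be checked from an unprivileged process. The following is an added example, not code from the article or the Landlock project: the `LL_`-prefixed names, the function names and the scratch path are this example's own, and it assumes truncation is reported as Landlock ABI version 3, the version that shipped with Linux 6.2.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* UAPI values from linux/landlock.h, repeated so older headers still build. */
#define LL_CREATE_RULESET_VERSION 1U
#define LL_ACCESS_FS_TRUNCATE (1ULL << 14)
#ifndef SYS_landlock_create_ruleset
#define SYS_landlock_create_ruleset 444
#define SYS_landlock_restrict_self 446
#endif
struct ll_ruleset_attr { uint64_t handled_access_fs; };
/* Assumption: TRUNCATE may only be requested from Landlock ABI 3 (Linux 6.2) onward. */
uint64_t truncate_right_for_abi(long abi) {
    return abi >= 3 ? LL_ACCESS_FS_TRUNCATE : 0;
}

/* Returns -1 when the kernel cannot enforce TRUNCATE, else a bitmask:
 * 1 truncate(), 2 ftruncate(), 4 open(O_TRUNC), 8 creat() denied; 16 write() allowed. */
int demo_truncate_sandbox(void) {
    char path[] = "/tmp/landlock-trunc-XXXXXX";   /* constructed scratch file */
    long abi = syscall(SYS_landlock_create_ruleset, NULL, 0, LL_CREATE_RULESET_VERSION);
    struct ll_ruleset_attr attr = { truncate_right_for_abi(abi) };
    int r = 0, fd, rs;
    if (!attr.handled_access_fs || (fd = mkstemp(path)) < 0) return -1;
    if (write(fd, "data", 4) != 4) r = -1;
    close(fd);
    /* Handle only TRUNCATE and add no rules: truncation is denied everywhere. */
    rs = syscall(SYS_landlock_create_ruleset, &attr, sizeof(attr), 0);
    if (r < 0 || rs < 0 || prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) ||
        syscall(SYS_landlock_restrict_self, rs, 0)) { unlink(path); return -1; }
    close(rs);
    if (truncate(path, 0) < 0 && errno == EACCES) r |= 1;
    fd = open(path, O_WRONLY);                    /* WRITE_FILE is not handled */
    if (fd >= 0 && write(fd, "x", 1) == 1) r |= 16;
    if (fd >= 0 && ftruncate(fd, 0) < 0 && errno == EACCES) r |= 2;
    if (fd >= 0) close(fd);
    if (open(path, O_WRONLY | O_TRUNC) < 0 && errno == EACCES) r |= 4;
    if (creat(path, 0600) < 0 && errno == EACCES) r |= 8;
    unlink(path);
    return r;
}

int main(void) { printf("mask: %d\n", demo_truncate_sandbox()); return 0; }
```

Because the ruleset handles only the truncate right, ordinary writes through a newly opened descriptor still succeed; a sandbox meant to block all content modification would also handle LANDLOCK_ACCESS_FS_WRITE_FILE.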

More details on this truncate support for Landlock can be found via this pull request of the now-merged code for beefing up this application sandboxing solution's capabilities for unprivileged access control.

Those wishing to learn more about Landlock in general can visit Landlock.io as the project documentation site.