Articles & Reviews
News Archive
Forums
Premium
Contact
Categories

Computers Display Drivers Graphics Cards Linux Gaming Memory Motherboards Processors Software Storage Operating Systems Peripherals

Landlock Access Controls Extended To Networking With Linux 6.7

Written by Michael Larabel in Linux Networking on 3 November 2023 at 06:46 AM EDT. Add A Comment

LINUX NETWORKING

Landlock was merged back in 2021 with Linux 5.13 for unprivileged application sandboxing. Landlock is focused on restricting ambient rights and is implemented as a stackable Linux security module (LSM). With Linux 6.7 the Landlock LSM is now moving beyond just file-system access controls to also introduce initial networking support.

The Landlock code for Linux 6.7 adds new LANDLOCK_ACCESS_NET_BIND_TCP and LANDLOCK_ACCESS_NET_CONNECT_TCP access rights.

This new support in Landlock ABI version 3 allows restricting TCP sockets bind() and connect() system calls for specific ports. Currently the Landlock network support is limited to TCP with there being complications around UDP but that still may end up supporting UDP sockets in the future.

Those wanting to learn more about the Landlock networking support being added in Linux 6.7 can see this pull request. Those wanting to learn more about this Linux access control mechanism in general can find the documentation at Landlock.io.

Add A Comment

Related News

OpenVPN DCO Looks Like It Might Be Ready For Linux 6.14 To Speed-Up VPN Performance

Many Networking Changes In Linux 6.13 - One Line Of Code Helping WireGuard Performance

Intel IWD 3.0 Wireless Daemon Released For Linux Systems

Linux 6.12-rc3 Released With Some Late NTFS Driver Enhancements

NetworkManager 1.50 Released - Now Ensures Offensive Terms Don't Appear In Settings

OpenVPN Kernel Driver Patches Updated For Improving VPN Performance

About The Author

Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week

OpenWrt Affected By Security Issue That Could Have Led To Compromised Build Artifacts

Linus Torvalds Comes Out Against "Completely Broken" x86_64 Feature Levels

How AMD Is Taking Standard C/C++ Code To Run Directly On GPUs

Linux EFI Zboot Abandoning "Compression Library Museum", Focusing On Gzip & Zstd

Ptyxis Becomes Ubuntu's Recommended Replacement To GNOME Terminal

COSMIC Alpha 4 Released For System76's Rust-Based Desktop

GNU Shepherd 1.0 Service Manager Released As "Solid Tool" Alternative To systemd

KDE Starts December By Landing A Number Of New Features