"Landlock" Lands In Linux 5.13 For Unprivileged Application Sandboxing
![LINUX SECURITY](/assets/categories/linuxsecurity.webp)
The Landlock LSM pull request was submitted earlier in the week and wasn't acted upon right away leaving us to wonder if it would be another cycle where it's left out... But on Saturday night Linus Torvalds went ahead and merged it.
Landlock allows for unprivileged application sandboxing with any process able to restrict themselves. Landlock has been inspired by the likes of the XNU Sandbox, FreeBSD Capsicum, and OpenBSD Pledge.
This documentation goes into more details on the design and capabilities of this security module.
More details on Landlock for those interested can be found via the project site at Landlock.io. After so many years of work and more than thirty revisions to the LSM, it's exciting to see Landlock land in Linux 5.13.
15 Comments