"Landlock" Lands In Linux 5.13 For Unprivileged Application Sandboxing
Going back about a half-decade has been the Landlock Linux Security Module (LSM) as a means of allowing even unprivileged processes to create "powerful security" sandboxes. After a number of rounds of reviews and revisions over the year, Landlock has finally been mainlined for Linux 5.13!
The Landlock LSM pull request was submitted earlier in the week and wasn't acted upon right away leaving us to wonder if it would be another cycle where it's left out... But on Saturday night Linus Torvalds went ahead and merged it.
Landlock allows for unprivileged application sandboxing with any process able to restrict themselves. Landlock has been inspired by the likes of the XNU Sandbox, FreeBSD Capsicum, and OpenBSD Pledge.
This documentation goes into more details on the design and capabilities of this security module.
More details on Landlock for those interested can be found via the project site at Landlock.io. After so many years of work and more than thirty revisions to the LSM, it's exciting to see Landlock land in Linux 5.13.
The Landlock LSM pull request was submitted earlier in the week and wasn't acted upon right away leaving us to wonder if it would be another cycle where it's left out... But on Saturday night Linus Torvalds went ahead and merged it.
Landlock allows for unprivileged application sandboxing with any process able to restrict themselves. Landlock has been inspired by the likes of the XNU Sandbox, FreeBSD Capsicum, and OpenBSD Pledge.
This documentation goes into more details on the design and capabilities of this security module.
More details on Landlock for those interested can be found via the project site at Landlock.io. After so many years of work and more than thirty revisions to the LSM, it's exciting to see Landlock land in Linux 5.13.
15 Comments