"Landlock" Lands In Linux 5.13 For Unprivileged Application Sandboxing

Written by Michael Larabel in Linux Security on 2 May 2021 at 06:12 AM EDT. 15 Comments
LINUX SECURITY
Going back about a half-decade has been the Landlock Linux Security Module (LSM) as a means of allowing even unprivileged processes to create "powerful security" sandboxes. After a number of rounds of reviews and revisions over the year, Landlock has finally been mainlined for Linux 5.13!

The Landlock LSM pull request was submitted earlier in the week and wasn't acted upon right away leaving us to wonder if it would be another cycle where it's left out... But on Saturday night Linus Torvalds went ahead and merged it.

Landlock allows for unprivileged application sandboxing with any process able to restrict themselves. Landlock has been inspired by the likes of the XNU Sandbox, FreeBSD Capsicum, and OpenBSD Pledge.

This documentation goes into more details on the design and capabilities of this security module.

More details on Landlock for those interested can be found via the project site at Landlock.io. After so many years of work and more than thirty revisions to the LSM, it's exciting to see Landlock land in Linux 5.13.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week