Landlock-Ing Linux
12 days ago
- #Sandboxing
- #API
- #Linux Security
- Landlock is a Linux API that allows applications to declare which resources they can access, similar to OpenBSD's unveil() and pledge().
- It is a Linux Security Module (LSM) available since Linux 5.13, applying transient restrictions at runtime without requiring file labels or extended attributes.
- Policies consist of handled accesses (operations to restrict) and access grants (explicit allowlist of permitted objects).
- Landlock is unprivileged: any process can sandbox itself without root, and restrictions can be stacked in up to 16 layers of policies.
- It is stackable with other LSMs like SELinux or AppArmor, and its ABI versioning lets an application probe the running kernel and fall back to the features that kernel supports.
- Landlock is ideal for applications with predictable resource needs, such as web servers restricting access to specific directories.
- Unlike SELinux or AppArmor, Landlock policies do not require administrator involvement and can be embedded directly in application code.
- Bindings exist for Rust, Go, and Haskell, though an official C library is not yet available.
- Landlock addresses gaps in Linux security, offering a simple, deny-by-default sandboxing mechanism.
- Ongoing developments include supervise mode, socket restrictions, and finer-grained filesystem control.