Landlock: unprivileged access control — The Linux Kernel documentation

submitted by Style Pass, 2024-03-30 16:30:05


The goal of Landlock is to make it possible to restrict ambient rights (e.g. global filesystem or network access) for a set of processes. Because Landlock is a stackable LSM, it makes it possible to create safe security sandboxes as new security layers on top of the existing system-wide access controls. This kind of sandbox is expected to help mitigate the security impact of bugs or unexpected/malicious behaviors in user space applications. Landlock empowers any process, including unprivileged ones, to securely restrict itself.
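The self-restriction described above is done through three system calls: a process creates a ruleset naming the filesystem accesses it wants handled, adds rules that allow some of those accesses beneath chosen directories, and then applies the ruleset to itself; everything handled but not allowed is denied from then on. The C program below is an added example, not code from the kernel documentation: it sandboxes the calling process to read-only access beneath one directory, then probes whether another directory can still be listed. The `LL_`-prefixed constants and the two `ll_` structs are assumptions that mirror the values in `<linux/landlock.h>` (declared locally so the program builds where that header is old), `ll_sandbox_and_probe`, `ll_abi_version` and the `/usr` and `/etc` paths are choices made for this example, and the ABI-version query is the documented way to drop access bits an older kernel does not know.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Assumption: these mirror <linux/landlock.h> (ABI v1..v3) and the syscall
 * numbers used on every architecture; prefixed LL_ to avoid clashing with
 * a real header that may also be installed. */
#ifndef __NR_landlock_create_ruleset
#define __NR_landlock_create_ruleset 444
#define __NR_landlock_add_rule       445
#define __NR_landlock_restrict_self  446
#endif
#define LL_CREATE_RULESET_VERSION (1U << 0)
#define LL_RULE_PATH_BENEATH      1
#define LL_FS_EXECUTE     (1ULL << 0)
#define LL_FS_WRITE_FILE  (1ULL << 1)
#define LL_FS_READ_FILE   (1ULL << 2)
#define LL_FS_READ_DIR    (1ULL << 3)
#define LL_FS_REMOVE_DIR  (1ULL << 4)
#define LL_FS_REMOVE_FILE (1ULL << 5)
#define LL_FS_MAKE_CHAR   (1ULL << 6)
#define LL_FS_MAKE_DIR    (1ULL << 7)
#define LL_FS_MAKE_REG    (1ULL << 8)
#define LL_FS_MAKE_SOCK   (1ULL << 9)
#define LL_FS_MAKE_FIFO   (1ULL << 10)
#define LL_FS_MAKE_BLOCK  (1ULL << 11)
#define LL_FS_MAKE_SYM    (1ULL << 12)
#define LL_FS_REFER       (1ULL << 13) /* ABI v2 */
#define LL_FS_TRUNCATE    (1ULL << 14) /* ABI v3 */

struct ll_ruleset_attr { uint64_t handled_access_fs; };
struct ll_path_beneath_attr {
    uint64_t allowed_access;
    int32_t parent_fd;
} __attribute__((packed));

enum ll_result { LL_ERROR = -1, LL_UNSUPPORTED = 0, LL_DENIED = 1, LL_ALLOWED = 2 };

/* Landlock ABI version of the running kernel, or -1 when the feature is
 * absent, disabled, or filtered (ENOSYS, EOPNOTSUPP, EPERM). */
int ll_abi_version(void) {
    long v = syscall(__NR_landlock_create_ruleset, NULL, 0, LL_CREATE_RULESET_VERSION);
    return v < 0 ? -1 : (int)v;
}

/* Restrict the calling process to read-only access beneath allowed_dir, then
 * report whether probe_dir (expected to lie outside it) can still be listed. */
enum ll_result ll_sandbox_and_probe(const char *allowed_dir, const char *probe_dir) {
    int abi = ll_abi_version();
    if (abi < 0)
        return LL_UNSUPPORTED; /* documented fallback: keep running unsandboxed */

    /* Handle every access bit this kernel knows; handled-but-unallowed means denied. */
    uint64_t handled = LL_FS_EXECUTE | LL_FS_WRITE_FILE | LL_FS_READ_FILE | LL_FS_READ_DIR |
                       LL_FS_REMOVE_DIR | LL_FS_REMOVE_FILE | LL_FS_MAKE_CHAR | LL_FS_MAKE_DIR |
                       LL_FS_MAKE_REG | LL_FS_MAKE_SOCK | LL_FS_MAKE_FIFO | LL_FS_MAKE_BLOCK |
                       LL_FS_MAKE_SYM | LL_FS_REFER | LL_FS_TRUNCATE;
    if (abi < 2) handled &= ~LL_FS_REFER;    /* unknown bits would give EINVAL */
    if (abi < 3) handled &= ~LL_FS_TRUNCATE;

    struct ll_ruleset_attr attr = { .handled_access_fs = handled };
    int ruleset_fd = (int)syscall(__NR_landlock_create_ruleset, &attr, sizeof(attr), 0);
    if (ruleset_fd < 0)
        return LL_ERROR;

    /* One rule: read and execute, but never write, anywhere beneath allowed_dir. */
    struct ll_path_beneath_attr rule = {
        .allowed_access = LL_FS_READ_FILE | LL_FS_READ_DIR | LL_FS_EXECUTE,
        .parent_fd = open(allowed_dir, O_PATH | O_CLOEXEC),
    };
    int rc = rule.parent_fd < 0 ? -1
           : (int)syscall(__NR_landlock_add_rule, ruleset_fd, LL_RULE_PATH_BENEATH, &rule, 0);
    if (rule.parent_fd >= 0) close(rule.parent_fd);
    if (rc) { close(ruleset_fd); return LL_ERROR; }

    /* The kernel refuses to restrict a process that could regain rights through
     * setuid/setcap binaries, so no_new_privs must be set first. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) ||
        syscall(__NR_landlock_restrict_self, ruleset_fd, 0)) {
        close(ruleset_fd);
        return LL_ERROR;
    }
    close(ruleset_fd); /* the policy is now attached to the process, not the fd */

    int fd = open(probe_dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (fd >= 0) { close(fd); return LL_ALLOWED; }
    return errno == EACCES ? LL_DENIED : LL_ERROR;
}

int main(void) {
    static const char *const names[] = { "unsupported", "denied", "allowed" };
    int r = ll_sandbox_and_probe("/usr", "/etc");
    if (r == LL_ERROR) { perror("landlock"); return 1; }
    printf("Landlock ABI %d: listing /etc after sandboxing to /usr -> %s\n",
           ll_abi_version(), names[r]);
    return 0;
}
```

On a kernel with Landlock enabled the probe is denied, because `/etc` is not beneath the only allowed hierarchy; on a kernel without it the program keeps running unsandboxed, which is the fallback the kernel documentation recommends for applications that must work across versions. Note that the restriction is inherited by every child the process spawns afterwards and can never be lifted, which is what makes the pattern safe to use from unprivileged code.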
