User:JM01085758/lsm/landlock

From Gentoo Wiki
Jump to:navigation Jump to:search

Landlock is a stackable LSM that enables creation of sandboxes to restrict the ambient rights of unprivileged processes. The aim is to lessen the security impact of bugs, malicious programs, or misbehaving user space applications. Other LSMs are designed to allow root to enforce a security policy for the system. Landlock intends to fill the gap of providing a way for developers to enforce a security policy for their applications. It is similar to Seatbelt/XNU Sandbox or OpenBSD Pledge.

Ambient rights global filesystem access

not based on eBPF anymore

Installation

Kernel

KERNEL Enable support for <Software_title>
Write menuconfig instructions here.

Additional software

Configuration

Environment variables

  • VAR1
  • VAR2

Files

  • /etc/global_file_example - Global (system wide) configuration file.
  • ~/.local_file_example - Local (per user) configuration file.

Usage

Important
Landlock runs in blocking mode by default.

Invocation

Suricata

https://docs.suricata.io/en/latest/configuration/landlock.html

Troubleshooting

Issue 1

Removal

See also

External resources

References