Landlock Lsm

🌍 Website | 📚 Docs | 🐞 Bugtracker

I contribute to the Landlock LSM (Linux Security Module), which lets Linux processes sandbox themselves.

I also maintain the GoLandlock library, which makes it easy to use Landlock with Go.

Some patch sets which I find interesting:

• LandlockIoctlControl (since Linux 6.10)
• LandlockSocketTypeControl (currently in review)

Resources

• 🎥 GoLandlockTalk
• 🎥 Talk: Update on Landlock: IOCTL Support (video)
• 📝 My blog posts about Landlock
• 📚 UsingLandlock - Some introductory materials
• 💾 SoftwareUsingLandlock - an incomplete collection
• 🕵️ LandlockFileSystemCompositionModel