rusty-snake
commented
1 year ago For bubblejail it makes sense to restrict write permission outside the instance home and run directory.
It can also be used for W^X in the filesystem.
Open igo95862 opened 1 year ago
rusty-snake
commented
1 year ago For bubblejail it makes sense to restrict write permission outside the instance home and run directory.
It can also be used for W^X in the filesystem.
Description
https://www.kernel.org/doc/html/latest/userspace-api/landlock.html
Landlock is an unprivileged LSM. It is already compiled in Arch Linux.
For bubblejail it makes sense to restrict write permission outside the instance home and run directory.