Closed xordspar0 closed 2 years ago
omar-polo
commented
3 years ago I'm happy to see that landlock was merged! Adding support for it is something that's definitely in my TODO list. At the moment I'm working on some other things that I planned for the 1.7 so maybe for the release after :)
omar-polo
commented
2 years ago It took me a while to find the time, but I've finally started to implement some landlock rules!
I've pushed some commits in the feature/landlock branch and I'm planning to tag a minor release in the following days, then merge it into the master branch.
If someone wants to help, please review the diff and/or run the regression test on various different kernel versions/libc implementations (even pre-5.13 to ensure that it doesn't break on older kernels) and report back your findings. Thanks!
omar-polo
commented
2 years ago I've merged the feature/landlock branch into the master, it'll be available in the next major release! :tada:
Landlock is a Linux security module that was inspired in part by OpenBSD Pledge. It is simpler than seccomp. Here is a patch for GNU Tar that uses Landlock to add sandboxing as an example: https://lists.gnu.org/archive/html/bug-tar/2021-04/msg00002.html
It was just merged into the linux-next tree and should be released in Linux 5.13.