Landlock LSM

Landlock is a Linux Security Module currently under development by Mickaël Salaün (@l0kod). Landlock is based on eBPF, extended Berkeley Packet filters (see ebpf project), to attach small programs to hooks in the kernel.

These eBPF programs provide context that can allow for very robust decision-making when integrated with LSM hooks. In particular, this lends itself very nicely to container-based environments. One such example is that Landlock could be used to write policies to restrict containers from accessing file descriptors they do not own, acting as a last line of defense to restrict container escapes,

Landlock is stackable on top of other LSMs, like SELinux and Apparmor.

Roadmap

Near-term:

• We will carry the Landlock patches in a kernel-landlock image for people to test, and update them continuously
• Draft and include a simple Landlock policy that can be demonstrated with the current patch-set, to show an example
• Offer design and code review help on Landlock, using Moby as a test-bed

Long-term:

• Develop a robust container-minded Landlock policy, and include it in LinuxKit by default