I’m happy to announce the latest version of landlock, a Haskell library to access the Linux Landlock LSM API. This version updates the library to expose all Landlock features up to Linux 6.2 (Landlock ABI 3). It also introduces landlocked, a utility to spawn some process in a landlocked environment, and serves as a demo of how to use the API (next to the library documentation and README.md).
It’s available on Hackage and GitHub.
The Linux kernel Landlock API provides unprivileged access control. The goal of Landlock is to enable to restrict ambient rights (e.g. global filesystem access) for a set of processes. Because Landlock is a stackable LSM, it makes possible to create safe security sandboxes as new security layers in addition to the existing system-wide access-controls. This kind of sandbox is expected to help mitigate the security impact of bugs or unexpected/malicious behaviors in user space applications. Landlock empowers any process, including unprivileged ones, to securely restrict themselves.
For more information, see the Landlock homepage and its kernel documentation.
Might be simply because I read about Landlock when it landed in Linux, and wanted to play with it.