The Linux kernel Landlock API provides unprivileged access control. The goal of Landlock is to make it possible to restrict ambient rights (e.g. global filesystem access) for a set of processes. Because Landlock is a stackable LSM, it makes it possible to create safe security sandboxes as new security layers on top of the existing system-wide access controls. This kind of sandbox is expected to help mitigate the security impact of bugs or unexpected/malicious behaviors in user space applications. Landlock empowers any process, including unprivileged ones, to securely restrict itself.
This project provides the following Haskell libraries to use this API:
- landlock, a Haskell binding for the Linux Landlock API
- psx, a package to integrate libpsx with the GHC RTS
For more information, see the Landlock homepage and its kernel documentation.
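The sequence these libraries wrap, shown as an added example in C against the raw kernel API (this is not code from the project or from the Haskell binding): probe the Landlock ABI version, declare which filesystem rights the ruleset handles, allow read and execute beneath a few chosen directories, then enforce the ruleset. The `handled_fs_for_abi` helper, the directory list and the `/tmp` write probe are this example's own choices; the constants and syscall numbers are the kernel's stable UAPI values, used as fallbacks only when `<linux/landlock.h>` is missing or too old. Note that `landlock_restrict_self` restricts only the calling thread, which is why a multi-threaded runtime such as GHC's needs a mechanism like libpsx to apply the same call on every thread.

```c
/* Added example (not the project's code): raw Landlock kernel API usage.
 * Restricts the calling thread to read-only access beneath a few directories. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>
#ifdef __has_include
#if __has_include(<linux/landlock.h>)
#include <linux/landlock.h>
#endif
#endif
/* Fallbacks for toolchains with no or an old <linux/landlock.h>: stable UAPI values. */
#ifndef LANDLOCK_CREATE_RULESET_VERSION
#define LANDLOCK_CREATE_RULESET_VERSION (1U << 0)
#define LANDLOCK_RULE_PATH_BENEATH 1
struct landlock_ruleset_attr { uint64_t handled_access_fs; };
struct landlock_path_beneath_attr { uint64_t allowed_access; int32_t parent_fd; } __attribute__((packed));
#endif
#ifndef LANDLOCK_ACCESS_FS_EXECUTE
#define LANDLOCK_ACCESS_FS_EXECUTE   (1ULL << 0)
#define LANDLOCK_ACCESS_FS_READ_FILE (1ULL << 2)
#define LANDLOCK_ACCESS_FS_READ_DIR  (1ULL << 3)
#endif
#ifndef LANDLOCK_ACCESS_FS_REFER
#define LANDLOCK_ACCESS_FS_REFER     (1ULL << 13) /* ABI 2 */
#endif
#ifndef LANDLOCK_ACCESS_FS_TRUNCATE
#define LANDLOCK_ACCESS_FS_TRUNCATE  (1ULL << 14) /* ABI 3 */
#endif
#ifndef LANDLOCK_ACCESS_FS_IOCTL_DEV
#define LANDLOCK_ACCESS_FS_IOCTL_DEV (1ULL << 15) /* ABI 5 */
#endif
#ifndef __NR_landlock_create_ruleset
#define __NR_landlock_create_ruleset 444
#define __NR_landlock_add_rule       445
#define __NR_landlock_restrict_self  446
#endif

/* Landlock ABI version of the running kernel, or -1 (errno ENOSYS/EOPNOTSUPP)
 * when the kernel lacks Landlock or it is not in the active LSM list. */
int landlock_abi_version(void)
{
    return (int)syscall(__NR_landlock_create_ruleset, NULL, 0, LANDLOCK_CREATE_RULESET_VERSION);
}

/* Filesystem rights a given ABI version can handle (example helper). Asking the
 * kernel to handle a right it does not know fails with EINVAL, so the wish list
 * is masked by the probed ABI; rights it cannot handle simply stay unrestricted. */
uint64_t handled_fs_for_abi(int abi)
{
    if (abi < 1)
        return 0;
    uint64_t rights = (1ULL << 13) - 1; /* ABI 1: EXECUTE .. MAKE_SYM */
    if (abi >= 2) rights |= LANDLOCK_ACCESS_FS_REFER;
    if (abi >= 3) rights |= LANDLOCK_ACCESS_FS_TRUNCATE;
    if (abi >= 5) rights |= LANDLOCK_ACCESS_FS_IOCTL_DEV;
    return rights;
}

/* Restrict the calling thread: read/execute beneath the given directories, no
 * write or create anywhere. Irreversible. Returns 0, or -1 with errno set. */
int restrict_to_read_only(const char *const *dirs, size_t ndirs)
{
    int abi = landlock_abi_version();
    if (abi < 1)
        return -1;
    struct landlock_ruleset_attr attr = { .handled_access_fs = handled_fs_for_abi(abi) };
    int ruleset_fd = (int)syscall(__NR_landlock_create_ruleset, &attr, sizeof attr, 0);
    if (ruleset_fd < 0)
        return -1;
    for (size_t i = 0; i < ndirs; i++) {
        struct landlock_path_beneath_attr rule = {
            .allowed_access = LANDLOCK_ACCESS_FS_EXECUTE | LANDLOCK_ACCESS_FS_READ_FILE |
                              LANDLOCK_ACCESS_FS_READ_DIR,
            .parent_fd = open(dirs[i], O_PATH | O_CLOEXEC), /* O_PATH: no read needed */
        };
        if (rule.parent_fd < 0)
            goto fail;
        int rc = (int)syscall(__NR_landlock_add_rule, ruleset_fd, LANDLOCK_RULE_PATH_BENEATH, &rule, 0);
        close(rule.parent_fd);
        if (rc)
            goto fail;
    }
    /* An unprivileged process may only restrict itself once it can no longer
     * gain privileges through setuid/setgid binaries or file capabilities. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) || syscall(__NR_landlock_restrict_self, ruleset_fd, 0))
        goto fail;
    close(ruleset_fd);
    return 0;
fail: {
        int saved = errno;
        close(ruleset_fd);
        errno = saved;
        return -1;
    }
}

int main(void)
{
    const char *const dirs[] = { "/usr", "/etc" }; /* example directory list */
    if (restrict_to_read_only(dirs, 2)) {
        perror("restrict_to_read_only");
        return 1;
    }
    /* Creating a file outside the allowed trees is now denied with EACCES. */
    int fd = open("/tmp/landlock-demo", O_WRONLY | O_CREAT | O_CLOEXEC, 0600);
    printf("create /tmp/landlock-demo: %s\n", fd < 0 ? strerror(errno) : "allowed?!");
    return 0;
}
```

Run it on a kernel with Landlock enabled (`cat /sys/kernel/security/lsm` lists `landlock`) and the `/tmp` probe reports `Permission denied`; on an older kernel `landlock_abi_version` returns -1 and the program exits before sandboxing, which is the fail-closed choice a real application should make deliberately rather than silently.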