Proposal: add Landlock LSM support #1110
Comments
kailun-qin
added a commit
to kailun-qin/runtime-spec
that referenced
this issue
Aug 2, 2021
Linux kernel 5.13 adds support for Landlock Linux Security Module (LSM). This allows unprivileged processes to create safe security sandboxes that can securely restrict the ambient rights (e.g. global filesystem access) for themselves. opencontainers#1110 Signed-off-by: Kailun Qin <kailun.qin@intel.com>
kailun-qin
added a commit
to kailun-qin/runtime-spec
that referenced
this issue
Aug 2, 2021
Linux kernel 5.13 adds support for Landlock Linux Security Module (LSM). This allows unprivileged processes to create safe security sandboxes that can securely restrict the ambient rights (e.g. global filesystem access) for themselves. opencontainers#1110 Signed-off-by: Kailun Qin <kailun.qin@intel.com>
kailun-qin
added a commit
to kailun-qin/runtime-spec
that referenced
this issue
Aug 2, 2021
Linux kernel 5.13 adds support for Landlock Linux Security Module (LSM). This allows unprivileged processes to create safe security sandboxes that can securely restrict the ambient rights (e.g. global filesystem access) for themselves. opencontainers#1110 Signed-off-by: Kailun Qin <kailun.qin@intel.com>
This was referenced Aug 2, 2021
kailun-qin
added a commit
to kailun-qin/runtime-spec
that referenced
this issue
Sep 2, 2022
Linux kernel 5.13 adds support for Landlock Linux Security Module (LSM). This allows unprivileged processes to create safe security sandboxes that can securely restrict the ambient rights (e.g. global filesystem access) for themselves. opencontainers#1110 Signed-off-by: Kailun Qin <kailun.qin@intel.com>
Zheaoli
added a commit
to Zheaoli/runtime-spec
that referenced
this issue
Jan 2, 2024
Linux kernel 5.13 adds support for Landlock Linux Security Module (LSM). This allows unprivileged processes to create safe security sandboxes that can securely restrict the ambient rights (e.g. global filesystem access) for themselves. opencontainers#1110 Co-authored-by: Zheao Li <me@manjusaka.me> Signed-off-by: Kailun Qin <kailun.qin@intel.com>
Zheaoli
added a commit
to Zheaoli/runtime-spec
that referenced
this issue
Jan 2, 2024
Linux kernel 5.13 adds support for Landlock Linux Security Module (LSM). This allows unprivileged processes to create safe security sandboxes that can securely restrict the ambient rights (e.g. global filesystem access) for themselves. opencontainers#1110 Co-authored-by: Zheao Li <me@manjusaka.me> Signed-off-by: Kailun Qin <kailun.qin@intel.com>
Zheaoli
added a commit
to Zheaoli/runtime-spec
that referenced
this issue
Mar 1, 2024
Linux kernel 5.13 adds support for Landlock Linux Security Module (LSM). This allows unprivileged processes to create safe security sandboxes that can securely restrict the ambient rights (e.g. global filesystem access) for themselves. opencontainers#1110 Co-authored-by: Zheao Li <me@manjusaka.me> Signed-off-by: Kailun Qin <kailun.qin@intel.com>
Zheaoli
added a commit
to Zheaoli/runtime-spec
that referenced
this issue
Sep 16, 2024
Linux kernel 5.13 adds support for Landlock Linux Security Module (LSM). This allows unprivileged processes to create safe security sandboxes that can securely restrict the ambient rights (e.g. global filesystem access) for themselves. opencontainers#1110 Co-authored-by: Zheao Li <me@manjusaka.me> Signed-off-by: Kailun Qin <kailun.qin@intel.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Linux kernel 5.13 adds support for Landlock Linux Security Module (LSM).
This allows unprivileged processes to create safe security sandboxes that can securely restrict the ambient rights (e.g. global filesystem access) for themselves.
Please kindly refer to the landlock userspace-api, kernel doc, website and the feature request in runc for details.
The text was updated successfully, but these errors were encountered: