Proposal: add Landlock LSM support #1110
Comments
kailun-qin
added a commit
to kailun-qin/runtime-spec
that referenced
this issue
Aug 2, 2021
Linux kernel 5.13 adds support for Landlock Linux Security Module (LSM). This allows unprivileged processes to create safe security sandboxes that can securely restrict the ambient rights (e.g. global filesystem access) for themselves. opencontainers#1110 Signed-off-by: Kailun Qin <[email protected]>
kailun-qin
added a commit
to kailun-qin/runtime-spec
that referenced
this issue
Aug 2, 2021
Linux kernel 5.13 adds support for Landlock Linux Security Module (LSM). This allows unprivileged processes to create safe security sandboxes that can securely restrict the ambient rights (e.g. global filesystem access) for themselves. opencontainers#1110 Signed-off-by: Kailun Qin <[email protected]>
kailun-qin
added a commit
to kailun-qin/runtime-spec
that referenced
this issue
Aug 2, 2021
Linux kernel 5.13 adds support for Landlock Linux Security Module (LSM). This allows unprivileged processes to create safe security sandboxes that can securely restrict the ambient rights (e.g. global filesystem access) for themselves. opencontainers#1110 Signed-off-by: Kailun Qin <[email protected]>
This was referenced Aug 2, 2021
kailun-qin
added a commit
to kailun-qin/runtime-spec
that referenced
this issue
Sep 2, 2022
Linux kernel 5.13 adds support for Landlock Linux Security Module (LSM). This allows unprivileged processes to create safe security sandboxes that can securely restrict the ambient rights (e.g. global filesystem access) for themselves. opencontainers#1110 Signed-off-by: Kailun Qin <[email protected]>
Zheaoli
added a commit
to Zheaoli/runtime-spec
that referenced
this issue
Jan 2, 2024
Linux kernel 5.13 adds support for Landlock Linux Security Module (LSM). This allows unprivileged processes to create safe security sandboxes that can securely restrict the ambient rights (e.g. global filesystem access) for themselves. opencontainers#1110 Co-authored-by: Zheao Li <[email protected]> Signed-off-by: Kailun Qin <[email protected]>
Zheaoli
added a commit
to Zheaoli/runtime-spec
that referenced
this issue
Jan 2, 2024
Linux kernel 5.13 adds support for Landlock Linux Security Module (LSM). This allows unprivileged processes to create safe security sandboxes that can securely restrict the ambient rights (e.g. global filesystem access) for themselves. opencontainers#1110 Co-authored-by: Zheao Li <[email protected]> Signed-off-by: Kailun Qin <[email protected]>
Zheaoli
added a commit
to Zheaoli/runtime-spec
that referenced
this issue
Mar 1, 2024
Linux kernel 5.13 adds support for Landlock Linux Security Module (LSM). This allows unprivileged processes to create safe security sandboxes that can securely restrict the ambient rights (e.g. global filesystem access) for themselves. opencontainers#1110 Co-authored-by: Zheao Li <[email protected]> Signed-off-by: Kailun Qin <[email protected]>
Zheaoli
added a commit
to Zheaoli/runtime-spec
that referenced
this issue
Sep 16, 2024
Linux kernel 5.13 adds support for Landlock Linux Security Module (LSM). This allows unprivileged processes to create safe security sandboxes that can securely restrict the ambient rights (e.g. global filesystem access) for themselves. opencontainers#1110 Co-authored-by: Zheao Li <[email protected]> Signed-off-by: Kailun Qin <[email protected]>
Zheaoli
added a commit
to Zheaoli/runtime-spec
that referenced
this issue
Dec 16, 2024
Linux kernel 5.13 adds support for Landlock Linux Security Module (LSM). This allows unprivileged processes to create safe security sandboxes that can securely restrict the ambient rights (e.g. global filesystem access) for themselves. opencontainers#1110 Co-authored-by: Zheao Li <[email protected]> Signed-off-by: Kailun Qin <[email protected]>
Zheaoli
added a commit
to Zheaoli/runtime-spec
that referenced
this issue
Dec 20, 2024
Linux kernel 5.13 adds support for Landlock Linux Security Module (LSM). This allows unprivileged processes to create safe security sandboxes that can securely restrict the ambient rights (e.g. global filesystem access) for themselves. opencontainers#1110 Co-authored-by: Zheao Li <[email protected]> Signed-off-by: Kailun Qin <[email protected]>
Zheaoli
added a commit
to Zheaoli/runtime-spec
that referenced
this issue
Dec 20, 2024
Linux kernel 5.13 adds support for Landlock Linux Security Module (LSM). This allows unprivileged processes to create safe security sandboxes that can securely restrict the ambient rights (e.g. global filesystem access) for themselves. opencontainers#1110 Co-authored-by: Zheao Li <[email protected]> Signed-off-by: Kailun Qin <[email protected]> Signed-off-by: Manjusaka <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Linux kernel 5.13 adds support for Landlock Linux Security Module (LSM).
This allows unprivileged processes to create safe security sandboxes that can securely restrict the ambient rights (e.g. global filesystem access) for themselves.
Please kindly refer to the landlock userspace-api, kernel doc, website and the feature request in runc for details.
The text was updated successfully, but these errors were encountered: