Don’t miss out! Join us at the next Open Source Summit in Seoul, South Korea (November 4-5). Join us at the premier vendor-neutral open source conference, where developers and technologists come together to collaborate, share knowledge, and explore the latest innovations and advancements in open source technology. Learn more at https://events.linuxfoundation.org/
Landlock Config – Mickaël Salaün, Microsoft
One of Landlock’s main goals is to empower Linux users to sandbox their programs. We’ve focused on building the foundation of a new unprivileged access control system, including an interface for developers to sandbox programs. While sandboxing tools already leverage Landlock, a well-defined way to describe security policies is still needed.
To address this, we’re designing a user-friendly configuration format, marking a significant step toward making Landlock more accessible. This format enables users to describe a set of restrictions enforced on their programs and helps democratize Linux sandboxing. The new configuration format and related library simplify sandbox creation by allowing users to compose modular security policies. Linux distributions can also provide predefined policies that users can customize, reducing the maintenance burden.
In this talk, we’ll explain the design of this new configuration format, available to end users via TOML and to developers via JSON, and how it can be leveraged for various use cases.
