Update on Landlock: IOCTL Support – Günther Noack, Google

Update on Landlock: IOCTL Support – Günther Noack, Google

The Landlock security module lets Linux processes restrict what they can do and puts developers in charge of defining appropriate sandboxing policies for their programs. We will give a brief overview over Landlock’s current features, recent developments, and talk about what is next. We will discuss in more detail Landlock’s new support for restricting the use of IOCTL and the design considerations and trade-offs that went into it.