• Landlock LSM

    From Alys W@1:103/705 to All on Monday, March 03, 2025 07:55:13
    Hello all! I wanted to start a discussion about the Landlock LSM because I got autistically obsessed over it :3

    What do you think of it?
    Do you think it's beneficial, crucial maybe?
    ┌────┐
    │ :3 │
    └────┘
    --- SBBSecho 3.23-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Karel Kral@2:423/39 to Alys W on Monday, March 03, 2025 17:49:24
    Hello Alys!

    03 Mar 25 07:55, you wrote to All:

    Hello all! I wanted to start a discussion about the Landlock LSM
    because I got autistically obsessed over it :3

    Heard about it for the first time. What is the advantage over SELinux?

    Karel

    --- GoldED+/LNX 1.1.5-b20240209
    * Origin: Plast DATA (2:423/39)
  • From Alys W@1:103/705 to Karel Kral on Monday, March 03, 2025 09:24:36
    Re: Re: Landlock LSM
    By: Karel Kral to Alys W on Mon Mar 03 2025 05:49 pm

    I'm pretty sure that SELinux is a bunch of kernel modifications and LSMs, whereas Landlock LSM is 1 module that can sandbox processes to mitigate fatal failure, the spread of malware, etc...

    Feel free to correct me on any error though!
    ┌────┐
    │ :3 │
    └────┘
    --- SBBSecho 3.23-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Karel Kral@2:423/39 to Alys W on Monday, March 03, 2025 19:28:31
    Hello Alys!

    03 Mar 25 09:24, you wrote to me:

    I'm pretty sure that SELinux is a bunch of kernel modifications and
    LSMs, whereas Landlock LSM is 1 module that can sandbox processes to mitigate fatal failure, the spread of malware, etc...

    Reading more articles about it. Looks like the biggest difference is that Landlock is available for unprivileged users to limit their processes, whereas SELinux is managed from a privileged account (administration).

    (if documentation is actual what I see) there is some part missing to tackle: networking (at least what I see, added recently/month ago).

    Last but not least: Landlock cannot protect itself against being tampered with. To protect Landlock you need admin level behind (like SELinux).

    For sure I will check that when I have time. Thank you for the tip.

    (Unfortunately I am not experienced enough to have deeper insight).

    Karel

    --- GoldED+/LNX 1.1.5-b20240209
    * Origin: Plast DATA (2:423/39)
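
The unprivileged self-restriction discussed in the post above, as an added example that is not part of the original thread: a process with no special privileges uses the three Landlock syscalls to limit itself to read-only filesystem access, and a forked child confirms that a write is then refused. The function names and the `/tmp/landlock_demo` path are assumptions made for this illustration, and only filesystem rights from the first Landlock ABI are used.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <linux/landlock.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Reads allowed beneath `dir`, writes nowhere; needs no privileges. 0 on success. */
static int sandbox_read_only(const char *dir)
{
    struct landlock_ruleset_attr rs = { .handled_access_fs =
        LANDLOCK_ACCESS_FS_READ_FILE | LANDLOCK_ACCESS_FS_READ_DIR |
        LANDLOCK_ACCESS_FS_WRITE_FILE | LANDLOCK_ACCESS_FS_MAKE_REG };
    int ruleset = syscall(__NR_landlock_create_ruleset, &rs, sizeof(rs), 0);
    if (ruleset < 0) return -1;
    struct landlock_path_beneath_attr rule = {
        .allowed_access = LANDLOCK_ACCESS_FS_READ_FILE | LANDLOCK_ACCESS_FS_READ_DIR,
        .parent_fd = open(dir, O_PATH | O_CLOEXEC) };
    int ok = rule.parent_fd >= 0 &&
             syscall(__NR_landlock_add_rule, ruleset, LANDLOCK_RULE_PATH_BENEATH, &rule, 0) == 0 &&
             prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == 0 &&  /* required when unprivileged */
             syscall(__NR_landlock_restrict_self, ruleset, 0) == 0;
    if (rule.parent_fd >= 0) close(rule.parent_fd);
    close(ruleset);
    return ok ? 0 : -1;
}

/* 1 = child could read but not write, 0 = no usable Landlock, -1 = unexpected */
int run_demo(void)
{
    /* Probe the ABI version first: fails if Landlock is absent or disabled. */
    if (syscall(__NR_landlock_create_ruleset, NULL, 0, LANDLOCK_CREATE_RULESET_VERSION) < 1)
        return 0;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {  /* child: the restriction cannot be undone, so test it here */
        if (sandbox_read_only("/") != 0) _exit(2);
        int rd = open("/", O_RDONLY | O_DIRECTORY);
        int wr = open("/tmp/landlock_demo", O_WRONLY | O_CREAT, 0600);  /* constructed path */
        _exit(rd >= 0 && wr < 0 && errno == EACCES ? 0 : 3);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) && WEXITSTATUS(status) == 0 ? 1 : -1;
}

int main(void) { printf("run_demo() = %d\n", run_demo()); return 0; }
```

The restriction is inherited by every child of the sandboxed process and cannot be lifted afterwards, which is why the demo applies it in a forked child rather than in the parent.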
  • From Alys W@1:103/705 to Karel Kral on Monday, March 03, 2025 11:57:59
    Re: Re: Landlock LSM
    By: Karel Kral to Alys W on Mon Mar 03 2025 07:28 pm

    Huh... I see. Didn't know that (flyread the docs) but that's cool! :3
    ┌────┐
    │ :3 │
    └────┘
    --- SBBSecho 3.23-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)