How have I missed Linux’s landlock? 🤔 Maybe we’ll get something like OpenBSD’s pledge/unveil some day. For now, landlock appears to be more complicated, but we’ll see how it goes. Gotta play with this some time. 🤔
@movq@www.uninformativ.de What does this do? 🤔
@prologic@twtxt.net It’s a way for a process to lock itself down.
One common pattern would be this: Early during startup, a process reads some configuration files. Once done, it can lock itself down and tell the kernel that it won’t need any further filesystem access at all (or only access to certain paths). If the process gets hacked later on, the attacker won’t be able to read files.
As I understand it, this is better than static restrictions like AppArmor and the likes, because those apply to the entire lifespan of the process.
And it’s much easier to use than something like chroot. OpenBSD’s pledge and unveil are particularly easy to use, making it feasible to use them in almost any program (not just the ones that you might consider “security critical”): Even something like cal (that thing that prints a calendar) uses pledge in OpenBSD: https://github.com/openbsd/src/blob/master/usr.bin/cal/cal.c#L153
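The startup pattern described above (read what you need, then tell the kernel you want no further filesystem access), as an added C example that is not code from this thread or from any project mentioned in it. It handles every Landlock ABI v1 filesystem right, allows read-only access beneath one directory and denies everything else; the Landlock constants and syscall numbers are declared inline as assumptions so it builds without <linux/landlock.h>, and the probe assumes /tmp exists.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
/* Landlock ABI v1 pieces, declared here (assumed values) so this builds without <linux/landlock.h>. */
#define SYS_LL_CREATE_RULESET 444   /* syscall numbers are the same on every Linux architecture */
#define SYS_LL_ADD_RULE       445
#define SYS_LL_RESTRICT_SELF  446
#define LANDLOCK_ACCESS_FS_READ_FILE (1ULL << 2)
#define LANDLOCK_ACCESS_FS_READ_DIR  (1ULL << 3)
#define LANDLOCK_ACCESS_FS_ALL_V1    ((1ULL << 13) - 1)  /* all 13 rights known to ABI v1 */
struct landlock_ruleset_attr { uint64_t handled_access_fs; };
struct landlock_path_beneath_attr { uint64_t allowed_access; int32_t parent_fd; } __attribute__((packed));
/* Deny every filesystem right except read-only access beneath allowed_dir.
 * Returns 0, or -errno (ENOSYS/EOPNOTSUPP: this kernel has no usable Landlock). */
int lockdown_fs_readonly_beneath(const char *allowed_dir)
{
    struct landlock_ruleset_attr attr = { .handled_access_fs = LANDLOCK_ACCESS_FS_ALL_V1 };
    struct landlock_path_beneath_attr rule = { .allowed_access = LANDLOCK_ACCESS_FS_READ_FILE | LANDLOCK_ACCESS_FS_READ_DIR };
    int ruleset_fd = (int)syscall(SYS_LL_CREATE_RULESET, &attr, sizeof attr, 0);
    if (ruleset_fd < 0) return -errno;
    rule.parent_fd = open(allowed_dir, O_PATH | O_CLOEXEC);
    if (rule.parent_fd < 0 ||
        syscall(SYS_LL_ADD_RULE, ruleset_fd, 1 /* LANDLOCK_RULE_PATH_BENEATH */, &rule, 0) < 0 ||
        prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0 ||  /* required for unprivileged restrict_self */
        syscall(SYS_LL_RESTRICT_SELF, ruleset_fd, 0) < 0) {
        int saved = errno; close(rule.parent_fd); close(ruleset_fd); return -saved;
    }
    close(rule.parent_fd); close(ruleset_fd); return 0;  /* the policy now binds the process for life */
}
/* Runs the pattern in a child so the caller stays unrestricted. Returns 0 when "/" opened before the
 * lockdown, failed with EACCES after it, and "/tmp" stayed readable; 2 when Landlock is unavailable
 * (old kernel, LSM not enabled, syscalls filtered); 1 or 3 on unexpected behaviour. */
int probe_lockdown_in_child(void)
{
    pid_t pid = fork(); if (pid < 0) return 3;
    if (pid == 0) {
        int before = open("/", O_RDONLY | O_DIRECTORY | O_CLOEXEC);  /* startup phase: reads work */
        if (before < 0) _exit(3); close(before);
        if (lockdown_fs_readonly_beneath("/tmp") != 0) _exit(2);
        int after = open("/", O_RDONLY | O_DIRECTORY | O_CLOEXEC);   /* now refused by the kernel */
        _exit(after < 0 && errno == EACCES &&
              open("/tmp", O_RDONLY | O_DIRECTORY | O_CLOEXEC) >= 0 ? 0 : 1);  /* allowed subtree */
    }
    int status = 0; waitpid(pid, &status, 0);
    return WIFEXITED(status) ? WEXITSTATUS(status) : 3;
}
```

A real program would call the lockdown once, right after its configuration reads, and decide on a non-zero return whether to continue unsandboxed or refuse to start.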
@movq@www.uninformativ.de Don’t we already have containers though? Linux cgroups already give you a level of isolation that is already pretty strong?
@prologic@twtxt.net First, yes, Linux has many features in that area and that’s not a great situation as it complicates everything. 🫤
The two key advantages of landlock (or pledge/unveil) would be: a) Much easier to use / more lightweight, b) usable by non-root users.
Been a while since I watched it, I think this talk by one of the OpenBSD devs was pretty good: https://www.youtube.com/watch?v=gvmGfpMgny4