In-reply-to » How have I missed Linux’s landlock? 🤔 Maybe we’ll get something like OpenBSD’s pledge/unveil some day. For now, landlock appears to be more complicated, but we’ll see how it goes. Gotta play with this some time. 🤔

@prologic@twtxt.net It’s a way for a process to lock itself down.

One common pattern would be this: Early during startup, a process reads some configuration files. Once done, it can lock itself down and tell the kernel that it won’t need any further filesystem access at all (or only access to certain paths). If the process gets hacked later on, the attacker won’t be able to read files.

As I understand it, this is better than static restrictions like AppArmor and the like, because those apply to the entire lifespan of the process.

And it’s much easier to use than something like chroot. OpenBSD’s pledge and unveil are particularly easy to use, making it feasible to use them in almost any program (not just the ones that you might consider “security critical”):

Even something like cal (that thing that prints a calendar) uses pledge in OpenBSD: https://github.com/openbsd/src/blob/master/usr.bin/cal/cal.c#L153
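The pattern described above (read the config at startup, then tell the kernel the process needs nothing more) as an added C example, not code from the post or from the twtxt author: `lock_down_readonly()` keeps read-only access beneath one directory and denies every other filesystem right Landlock knows, and `verify_readonly_sandbox()` is a constructed probe for checking the outcome. It assumes a Linux toolchain whose headers ship `<linux/landlock.h>` (kernel 5.13 or newer); the function names are my own.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <linux/landlock.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Keep only read access beneath `dir`; every other handled right is denied.
 * Returns 0 once restricted, 1 if Landlock is unavailable (ENOSYS, or a seccomp/
 * container policy answering EPERM) and nothing changed, -1 on any other error. */
int lock_down_readonly(const char *dir)
{
    /* Handle only the ABI v1 rights (EXECUTE..MAKE_SYM) so older kernels do not
     * reject the ruleset with EINVAL; newer ABIs add REFER, TRUNCATE and more. */
    struct landlock_ruleset_attr rs = { .handled_access_fs = (1ULL << 13) - 1 };
    struct landlock_path_beneath_attr pb = {
        .allowed_access = LANDLOCK_ACCESS_FS_READ_FILE | LANDLOCK_ACCESS_FS_READ_DIR };
    if (syscall(__NR_landlock_create_ruleset, NULL, 0, LANDLOCK_CREATE_RULESET_VERSION) < 0)
        return (errno == ENOSYS || errno == EOPNOTSUPP || errno == EPERM) ? 1 : -1;
    int rs_fd = syscall(__NR_landlock_create_ruleset, &rs, sizeof rs, 0);
    if (rs_fd < 0) return -1;
    pb.parent_fd = open(dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    int failed = pb.parent_fd < 0 ||
        syscall(__NR_landlock_add_rule, rs_fd, LANDLOCK_RULE_PATH_BENEATH, &pb, 0) ||
        prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) ||  /* mandatory before restrict_self */
        syscall(__NR_landlock_restrict_self, rs_fd, 0);
    if (pb.parent_fd >= 0) close(pb.parent_fd);
    close(rs_fd);
    return failed ? -1 : 0;
}

/* Probe after lock-down (constructed check): a file beneath the allowed tree
 * must still open for reading, while writing it and listing "/" must fail with
 * EACCES. Returns 1 when the sandbox behaves as expected, 0 otherwise. */
int verify_readonly_sandbox(const char *file_inside)
{
    int fd = open(file_inside, O_RDONLY);
    if (fd < 0) return 0;
    close(fd);
    return open(file_inside, O_WRONLY) < 0 && errno == EACCES &&
           open("/", O_RDONLY | O_DIRECTORY) < 0 && errno == EACCES;
}
```

Call `lock_down_readonly()` once startup is over; it reports 1 instead of failing when the running kernel or a seccomp policy offers no Landlock, so the program keeps running unsandboxed rather than refusing to start, which is worth logging.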
