Sandboxing Applications with Landlock

Explore the concept of application sandboxing using Landlock in this informative conference talk. Delve into the current state of application security, understand the importance of sandboxing, and compare different sandboxing mechanisms. Learn about Landlock's features, including filesystem access control and automatic hierarchy restrictions. Discover how to implement Landlock by creating rulesets, adding rules, and enforcing them. Gain insights into developer tools, kernel compatibility, and future roadmap for Landlock. Equip yourself with knowledge to enhance application security through effective sandboxing techniques.

Intro
What is it about?
State of security for applications nowadays
What is (security) sandboxing?
Why do we need sandboxing?
State of the art
Security features available in traditional Linux systems
Comparisons of different sandboxing mechanisms
What is Landlock?
Use cases
Current access-control features: filesystem
Automatic hierarchy restrictions
Interesting development properties
Landlock vocabulary
How to use Landlock?
Create a ruleset
Add rules
Enforce the ruleset
Developer tools
Kernel compatibility
Backward compatibility
Future-proofness
Roadmap (kernel-side)
Wrap-up