Landlock Security Module Adds File Truncation Support With Linux 6.2
  • Landlock Security Module Adds File Truncation Support With Linux 6.2

    Phoronix: Landlock Security Module Adds File Truncation Support With Linux 6.2

    Merged back in Linux 5.13 last year was Landlock for allowing unprivileged application sandboxing. Landlock allows restricting ambient rights for a set of processes and is implemented as a stackable Linux security module (LSM) for establishing safe security sandboxes. With Linux 6.2 file truncation support is added for Landlock...

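The truncation right announced above only exists on kernels that expose Landlock ABI version 3 or later, so a sandboxing program has to probe the ABI and build its access mask accordingly. The following is an added example, not code from the article, the posters, or the Landlock project; the `LL_*` names and `ll_*` functions are local to this sketch, and the constant values are copied from the kernel's `<linux/landlock.h>`.

```c
/* Added example: choose a Landlock filesystem access mask the kernel accepts.
 * Values mirror the kernel UAPI <linux/landlock.h>; the LL_* names are local. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/syscall.h>

#ifndef SYS_landlock_create_ruleset
#define SYS_landlock_create_ruleset 444
#endif

#define LL_CREATE_RULESET_VERSION (1U << 0)
#define LL_ACCESS_FS_ABI1_ALL ((1ULL << 13) - 1) /* bits 0-12: EXECUTE..MAKE_SYM */
#define LL_ACCESS_FS_REFER    (1ULL << 13)       /* ABI 2 */
#define LL_ACCESS_FS_TRUNCATE (1ULL << 14)       /* ABI 3, Linux 6.2 */

/* Only request rights this ABI knows; unknown bits make ruleset creation fail. */
uint64_t ll_handled_fs_for_abi(int abi)
{
    uint64_t mask = 0;
    if (abi >= 1) mask |= LL_ACCESS_FS_ABI1_ALL;
    if (abi >= 2) mask |= LL_ACCESS_FS_REFER;
    if (abi >= 3) mask |= LL_ACCESS_FS_TRUNCATE;
    return mask;
}

/* Returns the Landlock ABI version, or -1 when Landlock is unavailable. */
int ll_probe_abi(void)
{
    return (int)syscall(SYS_landlock_create_ruleset, NULL, 0,
                        LL_CREATE_RULESET_VERSION);
}

/* True when a ruleset built for this ABI can deny truncation. */
int ll_can_restrict_truncate(int abi)
{
    return (ll_handled_fs_for_abi(abi) & LL_ACCESS_FS_TRUNCATE) != 0;
}

int main(void)
{
    int abi = ll_probe_abi();
    printf("Landlock ABI %d, handled_access_fs 0x%llx\n", abi,
           (unsigned long long)ll_handled_fs_for_abi(abi));
    if (!ll_can_restrict_truncate(abi))
        puts("this kernel cannot restrict truncation through Landlock");
    return 0;
}
```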

  • #2
    xfcemint
    Why is selectively allowing/denying access to segments of the "real filesystem" not enough from a security standpoint when compared to your idea? Can't this already be paired with other features to achieve your proposed effect?

    • #3
      Originally posted by xfcemint
      If the malicious app (perhaps containing a virus or a trojan) can read the actual system files, the following problems arise:
      Thanks, that was what I wanted to understand!

      • #4
        Originally posted by xfcemint
        I have spent about 30 seconds reading about Landlock. From my point of view, what Landlock provides is still insufficient.

        In order to provide full cybersecurity guarantees, when running any application, the user must be able to completely virtualize the entire filesystem. This means that ALL the files and directories must be "rearrangeable", forming a completely new, virtualized FS, also with a completely different set of file permissions.

        Landlock only provides an ability to make a new set of permissions for existing files and directories, not a complete FS virtualization.

        At least, it is a step towards the right direction.
        Landlock is a permission system, not a virtualization interface. You're looking for namespaces.

        • #5
          This sounds awfully like a Goog$e project to collect analysts on my web usage... look at the wording even, looks just like something a Goog$r would write. I don't trust this.
