# Landlock LSM

[Landlock](https://lwn.net/Articles/698226/) is a Linux Security Module currently under development by Mickaël Salaün (@l0kod). Landlock is based on eBPF,
extended Berkeley Packet filters (see [ebpf project](../ebpf/roadmap.md)), to attach small programs to hooks in the kernel.

These eBPF programs provide context that can allow for very robust decision-making when integrated with LSM hooks.
In particular, this lends itself very nicely to container-based environments.
One such example is that Landlock could be used to write policies to restrict containers from accessing file descriptors they do
not own, acting as a last line of defense to restrict container escapes, 

Landlock is stackable on top of other LSMs, like SELinux and Apparmor.


## Roadmap

**Near-term:**
- We will carry the Landlock patches in a `kernel-landlock` image for people to test, and update them continuously
- Draft and include a simple Landlock policy that can be demonstrated with the current patch-set, to show an example
- Offer design and code review help on Landlock, using Moby as a test-bed

**Long-term:**
- Develop a robust container-minded Landlock policy, and include it in LinuxKit by default