Comment by thomashabets2
1 day ago
No, landlock is a separate thing. It's the first of its kind on Linux that doesn't completely suck, like seccomp does (https://blog.habets.se/2022/03/seccomp-unsafe-at-any-speed.h...).
1 day ago
No, landlock is a separate thing. It's the first of its kind on Linux that doesn't completely suck, like seccomp does (https://blog.habets.se/2022/03/seccomp-unsafe-at-any-speed.h...).
Sure seccomp has its flaws but it's not unworkable. You could just simply gate execution from running on any newer version of Linux of which you don't have a complete syscall list. Or variations on that theme if you need more flexibility.
Well, you'll still need to build unveil/pledge on top of it, because it's not just "the version of Linux". It's all libraries used, directly and indirectly (incl config-based list of libraries, like in PAM), and what they suddenly decide to change even in a security-only patch.
The list of syscalls any code anywhere in the system calls is not a published contract with any guarantees.
> You could just
… is doing some heavy lifting here. "You could just" all but guarantee that your program will break in a couple of years for all users who do the responsible thing?
Sure, if you're building an appliance with a support contract, where you control everything, then that's doable. Servers/desktops/laptops, not so much.