June 23 - 24, 2022 | Austin, Texas + Virtual

Please note all session times are listed in Central Daylight Time (CDT), UTC -5.
Friday, June 24 • 2:35pm - 3:05pm
Update on Landlock: Lifting the File Reparenting Limits and Supporting Network Rules - Mickaël Salaün, Microsoft

Landlock has been available in mainline since 2021, but with some limitations due to incremental development. One of the most annoying limitations, especially for generic containers, is the inability to change the parent directory of a file, e.g. with rename(2) or link(2). In a first part, I'll explain what the related challenges were and how we can now use the new LANDLOCK_ACCESS_FS_REFER right to allow renaming and linking without risking bypassing the security policy. File system access control is required to protect data, but network access control is also very important. In a second part, I'll talk about the upcoming network access control support that will make it possible to create simple app-centric or container firewalls.

Mickaël Salaün

Senior Software Engineer, Microsoft
Mickaël Salaün is a security researcher, software developer and open source enthusiast. He is mostly interested in Linux-based operating systems, especially from a security point of view. He has built security sandboxes before hacking into the kernel on a new LSM called Landlock...

Friday June 24, 2022 2:35pm - 3:05pm CDT
  Short Topics