Landlock LSM on Linux: Sandbox Applications Without Root Using Built-in Kernel Security
Landlock is a Linux Security Module (LSM) that has been built into the kernel since version 5.13. It lets applications restrict their own filesystem access without root privileges. This post shares real-world experience from six months of production deployment on Ubuntu 22.04: Python examples using ctypes, wrapping binaries with landlockrun, and combining Landlock with systemd hardening.

