by Foxboron 453 days ago
Still early, but Mickaël Salaün, the author of Landlock, is working on this.

https://github.com/landlock-lsm/landlockconfig

I'm going to write up some Go bindings for this when it becomes relevant.

1 comments

(Author of go-Landlock here)

Awesome! I'm happy to hear that you and others are interested in the configuration language. We should probably coordinate that on the Landlock mailing list when the time comes, so that we don't duplicate that work. We are open to outside contributions :)

Would be cool to see integration of Landlock with a configuration file in a way that a service launched by systemd can apply the configuration to the executable.

Akin to the systemd SystemCallFilter directive for no-code application of seccomp filters to the sandboxed process: https://www.freedesktop.org/software/systemd/man/latest/syst...