Loading…
The Sched app allows you to build your schedule but is not a substitute for your event registration. In addition, you must be registered for Linux Security Summit to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Pacific Daylight Time (PDT), UTC-7. Please select from the drop-down menu to the right to see the schedule in your preferred timezone above "Filter by Date."
Back To Schedule
Wednesday, September 29 • 11:05am - 11:50am
(VIRTUAL) Deep Dive into Landlock Internals - Mickaël Salaün, Microsoft

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Tweet Share
Feedback form is now closed.
Landlock is the first Mandatory Access Control available to unprivileged processes on Linux. It is available since Linux 5.13, which enables all applications to sandbox themselves. Landlock development started 5 years ago, and multiple approaches were tried (e.g. extending seccomp, using eBPF) before picking the good one. This talk first explains the goal of Landlock and the related consequences. This will enable to explain the kernel implementation constraints, the choices that led to the current design, and the potential and limits of the current and future features. More information about Landlock can be found on the official website: https://landlock.io
Speakers
avatar for Mickaël Salaün

Mickaël Salaün

Senior Software Engineer, Microsoft
Mickaël Salaün is a security researcher and open source enthusiast. He is mostly interested in Linux-based operating systems, especially from a security point of view. He has built security sandboxes before hacking into the kernel on a new LSM called Landlock, of which he is now... Read More →

2021 09 29 LSS Deep Dive into Landlock Internals pdf
Wednesday September 29, 2021 11:05am - 11:50am PDT
Room 402 - Chiliwack
  Refereed Presentation
  • Talk Type Virtual
  • Presentation Slides Attached Yes