[RFC PATCH 0/5] landlock: Pathname-based UNIX connect() control

Tingmao Wang m at maowtm.org
Thu Jan 1 22:34:12 UTC 2026


On 1/1/26 22:14, Demi Marie Obenour wrote:
> [...]
> Does this leave directory traversal as the only missing Landlock
> filesystem access control?  Ideally Landlock could provide the same
> isolation from the filesystem that mount namespaces do.

I think that level of isolation would require path walk control - see:
https://github.com/landlock-lsm/linux/issues/9

(Landlock also doesn't currently control some metadata operations - see
the warning at the end of the "Filesystem flags" section in [1])

[1]: https://docs.kernel.org/6.18/userspace-api/landlock.html#filesystem-flags


