[Haskell-cafe] [ANN] landlock 0.2.1.0
Nicolas Trangez
ikke at nicolast.be
Mon Feb 27 14:50:18 UTC 2023
I’m happy to announce the latest version of `landlock`, a Haskell
library to access the Linux Landlock LSM API. This version updates the
library to expose all Landlock features up to Linux 6.2 (Landlock ABI
3). It also introduces `landlocked`[1], a utility to spawn some process
in a landlocked environment, and serves as a demo of how to use the API
(next to the library documentation[2] and README.md[3]).
It’s available on Hackage[4] and GitHub[5].
The Linux kernel Landlock API provides unprivileged access control. The
goal of Landlock is to enable to restrict ambient rights (e.g. global
filesystem access) for a set of processes. Because Landlock is a
stackable LSM, it makes possible to create safe security sandboxes as
new security layers in addition to the existing system-wide access-
controls. This kind of sandbox is expected to help mitigate the
security impact of bugs or unexpected/malicious behaviors in user space
applications. Landlock empowers any process, including unprivileged
ones, to securely restrict themselves.
For more information, see the Landlock homepage[6] and its kernel
documentation[7].
[1]
https://github.com/NicolasT/landlock-hs/blob/27d2d95478f8c85cfbf4025bb41d57d0e57d670f/landlock/bin/landlocked.hs
[2]
https://hackage.haskell.org/package/landlock-0.2.1.0/docs/System-Landlock.html
[3] https://github.com/NicolasT/landlock-hs/tree/main/landlock#readme
[4] https://hackage.haskell.org/package/landlock-0.2.1.0
[5] https://github.com/NicolasT/landlock-hs
[6] https://landlock.io/
[7] https://docs.kernel.org/userspace-api/landlock.html
More information about the Haskell-Cafe
mailing list