top | item 43448137

(no title)

l0kod | 11 months ago

We are working on a JSON/TOML format for Landlock, with the related library, and bindings for several languages: https://github.com/landlock-lsm/landlockconfig

We are working to make it part of the OCI runtime specification too.

Using existing configuration format would not work because Landlock has its own unique properties: unprivileged, nested sandboxes, dedicated Linux syscalls, and a good compatibility story with opt-in and incremental features.

discuss

No comments yet.