On Thu, Mar 05, 2026 at 01:29:15AM +0100, Jonathan Schleifer wrote:
[...]
> By abstraction, I don't mean a race to the bottom for the lowest common
> denominator (which is no sandboxing at all), but rather an abstraction over
> pledge+unveil that can also be made to work with Landlock (and maybe
> Capsicum). So it would deny everything by default and also allow no file
> system paths by default, except for those explicitly allowed.
You may want to pursue the Landlock documentation and issue tracker then,
Landlock somewhat markets itself as doing this, but has some surprising
omissions, just two examples:

- https://github.com/landlock-lsm/linux/issues/36
  "Named Unix socket connect() control by path"
- https://github.com/landlock-lsm/linux/issues/37
  "Restrict executing on memfd"

[...]
> And yes, this means there are plenty of sandbox systems out there that will
> plainly not be supported because they don't have "deny everything by
> default", making them IMHO useless anyway.

It's also worth considering that Landlock's default usage is to ask the
kernel for the API version and then not apply restrictions which are known
newer than that, another kind of fail-open. Some of this is addressable by
additionally adding seccomp rules, but then you are in the realm of
correctly using multiple APIs, which turn out to be hard to use correctly
(see for example the number of CVEs in runc or other similar components).

(This also feels to be getting off topic for ports@, but I think concrete
examples of limitations in other APIs are at least interesting to consider
when porting.)

David
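The ABI-version fail-open David describes, shown as an added example that is not code from this thread or from the Landlock project. The first function is the "best-effort" pattern from the Landlock kernel documentation (query the ABI version, then drop every access right the running kernel does not know about, ending with no sandbox at all on a kernel without Landlock); the second is the strict alternative that refuses to run below the ABI the policy was written for. The syscall numbers (444/446, generic table) and access-right bit values are copied from the Landlock UAPI so the file compiles without <linux/landlock.h>; on a non-Linux host only the policy logic is built. The function names, the struct name and the choice of required ABI 3 are this example's own.

```c
/* Added example, not from the thread: best-effort vs. strict Landlock setup.
 * Syscall numbers and bit values follow uapi/linux/landlock.h; the names
 * below (ll_*, handled_fs_for_abi, require_abi, apply_fs_sandbox) are ours. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>
#ifdef __linux__
#include <sys/prctl.h>
#include <sys/syscall.h>
#ifndef __NR_landlock_create_ruleset
#define __NR_landlock_create_ruleset 444
#endif
#ifndef __NR_landlock_restrict_self
#define __NR_landlock_restrict_self 446
#endif
#endif

/* Filesystem access rights and the ABI that introduced each of them. */
#define LL_FS_ABI1_ALL  ((1ULL << 13) - 1)   /* EXECUTE .. MAKE_SYM (ABI 1) */
#define LL_FS_REFER     (1ULL << 13)         /* ABI 2 */
#define LL_FS_TRUNCATE  (1ULL << 14)         /* ABI 3 */
#define LL_FS_IOCTL_DEV (1ULL << 15)         /* ABI 5 */
#define LL_CREATE_RULESET_VERSION (1U << 0)

struct ll_ruleset_attr {           /* mirrors struct landlock_ruleset_attr */
    uint64_t handled_access_fs;
    uint64_t handled_access_net;   /* ABI 4, left zero here */
    uint64_t scoped;               /* ABI 6, left zero here */
};

/* Best-effort: silently drop rights the kernel does not know. This is the
 * fail-open: an old kernel yields a weaker sandbox, and abi < 1 (no Landlock,
 * or a negative errno from the version query) yields no sandbox at all. */
uint64_t handled_fs_for_abi(int abi)
{
    uint64_t want = LL_FS_ABI1_ALL | LL_FS_REFER | LL_FS_TRUNCATE | LL_FS_IOCTL_DEV;
    if (abi < 1) return 0;
    if (abi < 2) want &= ~LL_FS_REFER;
    if (abi < 3) want &= ~LL_FS_TRUNCATE;
    if (abi < 5) want &= ~LL_FS_IOCTL_DEV;
    return want;
}

/* Strict: 0 if the kernel is at least the ABI the policy was written for,
 * -1 otherwise so the caller can abort instead of running weakened. */
int require_abi(int abi, int required)
{
    return abi >= required ? 0 : -1;
}

/* Kernel's Landlock ABI version, or -errno (e.g. -ENOSYS) if unavailable. */
int landlock_abi_version(void)
{
#ifdef __linux__
    long r = syscall(__NR_landlock_create_ruleset, NULL, 0, LL_CREATE_RULESET_VERSION);
    return r < 0 ? -errno : (int)r;
#else
    return -ENOSYS;
#endif
}

/* Deny-everything filesystem ruleset: no landlock_add_rule() calls, so every
 * handled right is refused on every path. Returns 0 on success, -1 on error
 * (or on a too-old kernel when strict is set). */
int apply_fs_sandbox(int strict, int required_abi)
{
    int abi = landlock_abi_version();
    if (strict && require_abi(abi, required_abi) != 0) {
        fprintf(stderr, "Landlock ABI %d < required %d, refusing to run\n",
                abi, required_abi);
        return -1;
    }
    uint64_t fs = handled_fs_for_abi(abi);
    if (fs == 0)
        return 0;   /* best-effort on a kernel without Landlock: fail-open */
#ifdef __linux__
    struct ll_ruleset_attr attr = { .handled_access_fs = fs };
    int fd = (int)syscall(__NR_landlock_create_ruleset, &attr, sizeof(attr), 0);
    if (fd < 0) return -1;
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) { close(fd); return -1; }
    int r = (int)syscall(__NR_landlock_restrict_self, fd, 0);
    close(fd);
    return r == 0 ? 0 : -1;
#else
    return -1;
#endif
}

int main(void)
{
    int abi = landlock_abi_version();
    printf("Landlock ABI %d: best-effort handled_access_fs = 0x%llx\n",
           abi, (unsigned long long)handled_fs_for_abi(abi));
    /* Strict mode: insist on ABI 3 (TRUNCATE) rather than silently dropping it. */
    return apply_fs_sandbox(1, 3) == 0 ? 0 : 1;
}
```

The best-effort branch is what the kernel documentation's sample does; note that on an ABI 1 kernel it quietly leaves truncate() and cross-directory rename unrestricted, and on a kernel with no Landlock it leaves everything unrestricted, which is exactly why a pledge/unveil-style "deny by default" abstraction has to decide whether a missing ABI is a hard error.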
