Subj : Re: Landlock LSM
To   : Alys W
From : Karel Kral
Date : Mon Mar 03 2025 07:28 pm

Hello Alys!

03 Mar 25 09:24, you wrote to me:

AW> I'm pretty sure that SELinux is a bunch of kernel modifications and
AW> LSMs, whereas Landlock LSM is 1 module that can sandbox processes to
AW> mitigate fatal failure, the spread of malware, etc...

I have been reading more articles about it. It looks like the biggest difference is that Landlock is available to unprivileged users to limit their processes, whereas SELinux is managed from a privileged account (administration).

(If the documentation I see is current) there is some part missing to tackle: networking (at least from what I see, added recently/a month ago).

Last but not least: Landlock cannot protect itself against being tampered with. To protect Landlock you need admin level behind it (like SELinux).

For sure I will check that when I have time. Thank you for the tip.

(Unfortunately I am not experienced enough to have deeper insight.)

Karel

--- GoldED+/LNX 1.1.5-b20240209
* Origin: Plast DATA (2:423/39)
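
Added example, not part of the message above: a Linux-only sketch of the unprivileged self-restriction discussed in the thread, where a forked child confines itself to read-only access under one directory and then finds that writing there is denied. It calls the Landlock syscalls directly through ctypes; the function names `landlock_abi`, `restrict_to_readonly` and `demo` are hypothetical, and the temporary file is constructed sample data.

```python
import ctypes, os, struct, tempfile
from ctypes import c_long, c_size_t

# Landlock syscall numbers (the same on every Linux architecture) and UAPI constants.
SYS_CREATE_RULESET, SYS_ADD_RULE, SYS_RESTRICT_SELF = 444, 445, 446
LANDLOCK_CREATE_RULESET_VERSION, LANDLOCK_RULE_PATH_BENEATH, PR_SET_NO_NEW_PRIVS = 1, 1, 38
FS_READ_FILE, FS_READ_DIR, FS_ALL_V1 = 1 << 2, 1 << 3, (1 << 13) - 1  # FS_ALL_V1: the 13 ABI v1 rights
libc = ctypes.CDLL(None, use_errno=True)
libc.syscall.restype = c_long

def _check(ret):
    if ret < 0:
        raise OSError(ctypes.get_errno(), "Landlock setup call failed")
    return ret

def landlock_abi():  # ABI version offered by the running kernel, 0 if Landlock is unavailable
    v = libc.syscall(c_long(SYS_CREATE_RULESET), None, c_size_t(0), c_long(LANDLOCK_CREATE_RULESET_VERSION))
    return max(v, 0)

def restrict_to_readonly(path):
    """Drop every ABI v1 filesystem right for this process except reading beneath `path`."""
    attr = struct.pack("=Q", FS_ALL_V1)  # struct landlock_ruleset_attr, v1 size
    rs = _check(libc.syscall(c_long(SYS_CREATE_RULESET), attr, c_size_t(len(attr)), c_long(0)))
    # packed struct landlock_path_beneath_attr: u64 allowed_access, s32 parent_fd
    rule = struct.pack("=Qi", FS_READ_FILE | FS_READ_DIR, os.open(path, os.O_PATH))
    _check(libc.syscall(c_long(SYS_ADD_RULE), c_long(rs), c_long(LANDLOCK_RULE_PATH_BENEATH), rule, c_long(0)))
    _check(libc.prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0))  # lets a caller without CAP_SYS_ADMIN proceed
    _check(libc.syscall(c_long(SYS_RESTRICT_SELF), c_long(rs), c_long(0)))

def demo():  # returns "unsupported" or (read_ok, write_denied) as seen by a self-sandboxed child
    if landlock_abi() < 1:
        return "unsupported"
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "note.txt")
        open(target, "w").close()  # constructed sample file
        pid = os.fork()
        if pid == 0:
            code = 4  # 4 = sandbox setup failed
            try:
                restrict_to_readonly(d)
                code = 0
                os.close(os.open(target, os.O_RDONLY))
                code = 1
                os.open(target, os.O_WRONLY)
            except PermissionError:
                code = 3 if code == 1 else code
            finally:
                os._exit(code)
        code = os.waitpid(pid, 0)[1] >> 8
    return "unsupported" if code == 4 else (bool(code & 1), bool(code & 2))
```

Calling `demo()` as an ordinary user returns `(True, True)` on a kernel with Landlock enabled; the restriction applies only to the child and anything it would spawn.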