November 29, 2025

Sandboxed apps, unleashed opinions

Landlock-Ing Linux

Apps put themselves on a leash—and Linux users bark

TLDR: Landlock lets Linux apps lock themselves down without admin help, limiting what they can access. Commenters sparred over whether it’s better than containers, how it stacks with existing security tools, and whether sysadmins can curb its new syscalls—devs cheered simplicity, ops demanded answers.

Landlock just slid into Linux with a bold promise: apps can lock themselves down and only touch what they truly need. Think of it like the app saying, “I’ll stay in my lane,” and the kernel enforcing it. The community reaction? A full-on comment brawl. Over on the prizrak.me blog, some devs are hyped that Landlock needs no admin setup and works at runtime, unlike big, scary system policies. One commenter framed it as “seccomp but for files,” while others begged for a comparison to containers—because Kubernetes brain never sleeps. A helpful explainer chimed in that Landlock is a “minor” security module built for developers to add guardrails right in code, not via a system-wide switch. Meanwhile, sysadmins squinted at the new syscalls and asked if they could be blocked, sparking a mini panic about who’s really in control. There were jokes, too: people calling it “Linux trust issues” and “apps on a leash,” and one wag dubbed the 16-layer policy stack “onion security—crying included.” The vibe: devs cheering for easy, no-permission sandboxing; ops folks side-eyeing how this fits with containers, SELinux, and seccomp. Landlock is simple, but the comments? Deliciously complicated.

Key Points

  • Landlock is a Linux Security Module, available since Linux 5.13, that lets an application define allowlist-based access controls for itself at runtime.
  • Policies are transient (they live in the process, not on disk), apply to the calling thread and every process it later spawns, and cannot be relaxed or revoked once enforced with landlock_restrict_self().
  • A policy comprises the access types it handles plus explicit grants for permitted objects (e.g., read-only directories, writable paths, specific network binds); anything handled but not granted is denied.
  • Policies can be layered up to 16 times, and each additional layer can only narrow what earlier layers allow, never widen it.
  • Landlock is unprivileged, exposes an ABI version so programs can fall back to best-effort enforcement on older kernels, and stacks with SELinux or AppArmor; language bindings exist for Rust, Go, and Haskell, but there is no official C library yet.
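
As an added example (not code from the original post, the prizrak.me write-up, or the Landlock project), here is a self-sandboxing C program that calls the raw Landlock syscalls directly, since the points above note there is no official C library: it probes the ABI version, handles only the access types that kernel knows, grants read-only access beneath one constructed temporary directory, enforces the ruleset in a forked child, and then checks that writes and out-of-scope reads are denied and that a second, "wider" layer cannot re-grant what the first layer removed. The `LL_`-prefixed constants and `ll_`-prefixed struct and function names are local mirrors of the `<linux/landlock.h>` UAPI values chosen for this example; the temp directory and its contents are constructed; on a kernel without Landlock the program reports that and continues unrestricted, which is the best-effort mode described above.

```c
/* Added example (not from the post or the Landlock project): self-sandboxing via raw syscalls. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
/* Landlock syscall numbers are identical on every architecture; the fallbacks
 * only matter when the libc headers predate Landlock (Linux 5.13). */
#ifndef __NR_landlock_create_ruleset
#define __NR_landlock_create_ruleset 444
#define __NR_landlock_add_rule       445
#define __NR_landlock_restrict_self  446
#endif
/* Local mirrors of <linux/landlock.h> UAPI values, so this builds on old headers. */
#define LL_CREATE_RULESET_VERSION (1U << 0)
#define LL_RULE_PATH_BENEATH      1
#define LL_FS_WRITE_FILE (1ULL << 1)
#define LL_FS_READ_FILE  (1ULL << 2)
#define LL_FS_ALL_ABI1   ((1ULL << 13) - 1)   /* EXECUTE .. MAKE_SYM */
#define LL_FS_REFER      (1ULL << 13)         /* ABI 2 */
#define LL_FS_TRUNCATE   (1ULL << 14)         /* ABI 3 */
#define LL_FS_IOCTL_DEV  (1ULL << 15)         /* ABI 5 */
struct ll_ruleset_attr { uint64_t handled_access_fs; };
struct ll_path_beneath_attr { uint64_t allowed_access; int32_t parent_fd; } __attribute__((packed));
enum { DEMO_UNSUPPORTED = 1, DEMO_ENFORCED = 2 };

/* ABI probe: 0 means no usable Landlock (ENOSYS, EOPNOTSUPP, seccomp EPERM); best effort tolerates it. */
static int ll_abi_version(void) {
    long v = syscall(__NR_landlock_create_ruleset, NULL, 0, LL_CREATE_RULESET_VERSION);
    return v < 0 ? 0 : (int)v;
}
/* Handle every access type this ABI knows: unknown bits make create_ruleset
 * fail with EINVAL, while an unhandled type is silently never denied. */
static uint64_t ll_fs_mask_for(int abi) {
    uint64_t m = LL_FS_ALL_ABI1;
    if (abi >= 2) m |= LL_FS_REFER;
    if (abi >= 3) m |= LL_FS_TRUNCATE;
    if (abi >= 5) m |= LL_FS_IOCTL_DEV;
    return m;
}

/* One policy layer: handle `handled`, allow `allowed` beneath `dir`, and enforce it
 * on this thread and its future descendants. Irrevocable on success (0); else -errno. */
static int ll_restrict_to(const char *dir, uint64_t handled, uint64_t allowed) {
    struct ll_ruleset_attr ra = { .handled_access_fs = handled };
    struct ll_path_beneath_attr pb = { .allowed_access = allowed & handled, .parent_fd = -1 };
    int rs = (int)syscall(__NR_landlock_create_ruleset, &ra, sizeof ra, 0);
    if (rs < 0) return -errno;
    pb.parent_fd = open(dir, O_PATH | O_CLOEXEC);           /* O_PATH opens are not access-checked */
    int ok = pb.parent_fd >= 0 &&
             syscall(__NR_landlock_add_rule, rs, LL_RULE_PATH_BENEATH, &pb, 0) == 0 &&
             prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == 0 &&   /* required for unprivileged use */
             syscall(__NR_landlock_restrict_self, rs, 0) == 0;
    int err = ok ? 0 : errno;
    if (pb.parent_fd >= 0) close(pb.parent_fd);
    close(rs);
    return -err;
}

/* Runs in a forked child, so the sandbox never lands on the caller's own process. */
static int demo_child(const char *dir, const char *file) {
    int abi = ll_abi_version();
    if (abi < 1) return DEMO_UNSUPPORTED;                   /* best effort: carry on unsandboxed */
    if (ll_restrict_to(dir, ll_fs_mask_for(abi), LL_FS_READ_FILE) < 0) return 10;
    int fd = open(file, O_RDONLY);                          /* granted: read beneath dir */
    if (fd < 0) return 11; close(fd);
    if (open(file, O_WRONLY) >= 0 || errno != EACCES) return 12;              /* not granted */
    if (open("/", O_RDONLY | O_DIRECTORY) >= 0 || errno != EACCES) return 13; /* outside dir */
    /* A second layer that "grants" write access changes nothing: layers only narrow. */
    if (ll_restrict_to(dir, LL_FS_READ_FILE | LL_FS_WRITE_FILE,
                       LL_FS_READ_FILE | LL_FS_WRITE_FILE) < 0) return 14;
    if (open(file, O_WRONLY) >= 0 || errno != EACCES) return 15;
    return DEMO_ENFORCED;
}
/* Creates a constructed temp dir and file, runs the demo in a child, cleans up.
 * Returns DEMO_ENFORCED, DEMO_UNSUPPORTED, or a failure code (>2 or negative). */
int run_landlock_demo(void) {
    char dir[] = "/tmp/landlock-demo-XXXXXX", file[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(file, sizeof file, "%s/data.txt", dir);
    int fd = open(file, O_WRONLY | O_CREAT, 0600);
    if (fd < 0 || write(fd, "constructed sample\n", 19) != 19) return -2;
    close(fd);
    pid_t pid = fork();
    if (pid == 0) _exit(demo_child(dir, file));
    int status = 0;
    if (pid < 0 || waitpid(pid, &status, 0) < 0) return -3;
    unlink(file); rmdir(dir);
    return WIFEXITED(status) ? WEXITSTATUS(status) : -4;
}
int main(void) {
    int r = run_landlock_demo();
    printf("landlock demo: %d (2 = enforced, 1 = kernel lacks Landlock, other = failure)\n", r);
    return (r == DEMO_ENFORCED || r == DEMO_UNSUPPORTED) ? 0 : 1;
}
```

Build with `gcc -Wall landlock_demo.c -o landlock_demo` and run it unprivileged; Landlock must be in the kernel's LSM list for the enforced path, otherwise the probe returns 0 and the program reports the best-effort fallback. Two design points worth noticing: the handled-access mask is derived from the probed ABI, because a bit the kernel does not recognise makes `landlock_create_ruleset` fail outright while a bit left unhandled is simply never denied; and the second layer is the practical reading of "policies can only narrow": once the first layer has denied writes, no later layer, however generous, gets them back for that process or its children.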

Hottest takes

"I'd love to see a comparison of landlock to restricted containers" — PeterWhittaker
"So it works also by using some cli utility to run my software for example?" — kosolam
"Can sysadmins disable access to Landlock syscalls via seccomp?" — fiiin

Made with <3 by @siedrix and @shesho from CDMX. Powered by Forge&Hive.