OSM Town Compass @compass

0 posts0 participants0 posts today

**r1w1s1** @r1w1s1@snac.bsd.cafe · Mar 30

Yes, #slackware current includes #Landlock support in the testing group with #kernel 6.14.
However, you must enable it at boot. If you're using #GRUB, follow these steps:

1. Add the following line to /etc/default/grub:

GRUB_CMDLINE_LINUX_DEFAULT="lsm=landlock"

2. Regenerate the GRUB configuration:

geninitrd

3. Reboot your system and verify that Landlock is enabled:

sudo dmesg | grep landlock

Example output:

[ 0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-generic root=UUID=... ro lsm=landlock
[ 0.068388] Kernel command line: BOOT_IMAGE=/boot/vmlinuz-generic root=UUID=... ro lsm=landlock
[ 0.212270] LSM: initializing lsm=capability,landlock
[ 0.212270] landlock: Up and running.

Once enabled, you can use landrun on Slackware-current:
https://slackbuilds.org/repository/15.0/network/landrun/

slackbuilds.orgSlackBuilds.org - landrunSlackBuilds.org - SlackBuild Script Repository

**r1w1s1** @r1w1s1@snac.bsd.cafe · Mar 29

Mar 29

r1w1s1 @r1w1s1@snac.bsd.cafe

Exciting news for #Slackware users!

The Landrun tool is now available in SlackBuildsOrg!

Landrun A lightweight, secure sandbox for running Linux processes using Landlock.
Think firejail, but with kernel-level security and minimal overhead.

Get it here:
https://slackbuilds.org/repository/15.0/network/landrun/

#Linux #Slackware #landlock #OpenSource #landrun

slackbuilds.orgSlackBuilds.org - landrunSlackBuilds.org - SlackBuild Script Repository

**n0toose** @n0toose@chaos.social · Feb 22

Feb 22

n0toose @n0toose@chaos.social

I'd like to share something nice that I am currently working on: A Landlock integration for Forgejo.

Landlock (https://landlock.io) lets userspace processes tell the kernel "hey kernel, please only let me access the following filesystem resources" (and it also supports sockets, etc. now).

My integration only limits unfettered access to arbitrary files. It needs a lot more yak shaving (refactoring, configurations, using the PATH variable for Git binaries) and time.

Screenshot of a Forgejo instance running Landlock. The screenshot contains a repository in Forgejo with a README file.

Title: landlock-test
Description: This repository was created using a Forgejo instance that is protected under Landlock, which limits unfettered access to paths and binaries on the system running Forgejo. This is a heavy proof of concept and needs much further work to be integrated reliably.

#landlock #forgejo

Replied in thread

**boredsquirrel** @Rhababerbarbar@tux.social · Jan 18

Jan 18

boredsquirrel @Rhababerbarbar@tux.social

@kde@floss.social @kde@lemmy.kde.social

For people interested, maybe #crabjail and #crablock can be a solution!

https://codeberg.org/crabjail/crablock

A #sandboxing tool written in #Rust, featuring " bleeding edge #Linux #security features like #Landlock or MDWE_REFUSE_EXEC_GAIN."

Codeberg.orgcrablockYet another Linux sandboxing tool.

**Mickaël Salaün** @l0kod@mastodon.social · Dec 16, 2024

Dec 16, 2024

Mickaël Salaün @l0kod@mastodon.social

I'll give a talk at #FOSDEM: #Sandbox IDs with #Landlock
We'll talk about the challenges to identify sandboxed processes in a safe and unprivileged way, and how that could be used to identify #containers.
https://fosdem.org/2025/schedule/event/fosdem-2025-6071-sandbox-ids-with-landlock/
#FOSDEM2025 #container

fosdem.orgFOSDEM 2025 - Sandbox IDs with Landlock

**Remi Gacogne** @rgacogne@mamot.fr · Jul 16, 2024

Jul 16, 2024

Remi Gacogne @rgacogne@mamot.fr

@l0kod Hi! I just wanted to let you know that we recently merged a PR using #Landlock to restrict access to the filesystem for the downloader process of the pacman package manager: https://gitlab.archlinux.org/pacman/pacman/-/merge_requests/167
If you are bored and see anything wrong, please feel free to ping me or Allan :) In any case, thanks a lot for Landlock, it's awesome!

GitLabRestrict filesystem access to the download process whenever possible (!167) · Merge requests · Pacman / Pacman · GitLabHi! This is a follow-up to the sandboxing work, restricting filesystem access to the downloader process when sandboxing is enabled and LandLock support is available. Right...