September 27-30, 2021
Seattle, Washington, USA + Virtual
View More Details & Registration

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Open Source Summit + Embedded Linux Conference + OSPOCon 2021 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Pacific Daylight Time (UTC -7). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change.

IMPORTANT NOTE: Timing of sessions and room locations are subject to change.

Back To Schedule
Tuesday, September 28 • 11:00am - 11:50am
(VIRTUAL) Sandboxing Applications with Landlock - Mickaël Salaün, Microsoft

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Landlock is a new security feature (available since Linux 5.13) that enables developers to sandbox their applications. Perfect security doesn’t fit with pragmatic development, hence the need to harden applications. The goal is to protect user data from unauthorized access or disclosure by making it possible to only allow access to a subset of files. Contrary to other mandatory access control mechanisms (e.g., SELinux, AppArmor), Landlock empowers any process, including unprivileged ones, to securely restrict themselves. This talk focuses on the use of Landlock by user space, explaining the rationale behind the design, how backward and forward compatibility are handled, what features are currently available and what could come next. More information can be found on the official website: https://landlock.io

avatar for Mickaël Salaün

Mickaël Salaün

Senior Software Engineer, Microsoft
Mickaël Salaün is a security researcher and open source enthusiast. He is mostly interested in Linux-based operating systems, especially from a security point of view. He has built security sandboxes before hacking into the kernel on a new LSM called Landlock, of which he is now... Read More →

Tuesday September 28, 2021 11:00am - 11:50am PDT
MeetingPlay Platform + Virtual Learning Lab
  Linux Systems, Security