The prizrak.me blog is carrying an introduction to the
Landlock security module.

Landlock shines when an application has a predictable set of files
or directories it needs. For example, a web server could restrict
itself to accessing only /var/www/html and /tmp.

Unlike SELinux or AppArmor, Landlock policies don't require
administrator involvement or system-wide configuration. Developers
can embed policies directly in application code, making sandboxing
a natural part of the development process.

https://lwn.net/Articles/1048704/
--- SBBSecho 3.32-Linux
* Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (86:200/23)