PeterWhittaker 2 hours ago
So like using seccomp with a whitelist (fairly easy to do) with per-object access rights. I'd love to see a comparison of landlock to restricted containers.
razighter777 an hour ago
Comparing landlock to containers isn't really an apples to apples comparison. Containers use a bunch of Linux security mechanisms together, like chroot, seccomp and user namespaces, to accomplish their goals. Landlock is just another building block that devs can use. Fun fact: because landlock is unprivileged, you can even use it inside containers; or to build an unprivileged container runtime :)