Post Syndicated from corbet original https://lwn.net/Articles/1048704/
The prizrak.me blog is carrying an introduction to the
Landlock security module.
Landlock shines when an application has a predictable set of files
or directories it needs. For example, a web server could restrict
itself to accessing only /var/www/html and /tmp.

Unlike SELinux or AppArmor, Landlock policies don’t require
administrator involvement or system-wide configuration. Developers
can embed policies directly in application code, making sandboxing
a natural part of the development process.
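
The web-server restriction described in the quoted passage, as an added C sketch that is not code from the blog post or from LWN: a process builds a ruleset, grants read access beneath one directory and read/write access beneath another, then confines itself. The helper names `allow_beneath` and `landlock_confine` are hypothetical, and only a subset of the Landlock ABI v1 filesystem rights is handled here, so other operations (execute, mkdir, and so on) stay unrestricted.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <linux/landlock.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Landlock ABI v1 rights. Every right listed in handled_access_fs is denied
 * everywhere unless a rule grants it beneath some directory. */
#define FS_READ  (LANDLOCK_ACCESS_FS_READ_FILE | LANDLOCK_ACCESS_FS_READ_DIR)
#define FS_WRITE (LANDLOCK_ACCESS_FS_WRITE_FILE | LANDLOCK_ACCESS_FS_MAKE_REG | \
                  LANDLOCK_ACCESS_FS_REMOVE_FILE)

static int allow_beneath(int ruleset_fd, const char *path, __u64 access)
{
    /* Grant `access` on the directory `path` and everything below it. */
    struct landlock_path_beneath_attr rule = { .allowed_access = access };
    rule.parent_fd = open(path, O_PATH | O_CLOEXEC);
    if (rule.parent_fd < 0)
        return -1;
    long rc = syscall(SYS_landlock_add_rule, ruleset_fd,
                      LANDLOCK_RULE_PATH_BENEATH, &rule, 0);
    close(rule.parent_fd);
    return rc ? -1 : 0;
}

/* Hypothetical helper: returns 0 once the process is confined, 1 if the kernel
 * has no usable Landlock (the caller decides whether to go on), -1 on error. */
int landlock_confine(const char *ro_dir, const char *rw_dir)
{
    struct landlock_ruleset_attr attr = { .handled_access_fs = FS_READ | FS_WRITE };
    /* Version probe: fails when Landlock is not built in or not enabled. */
    if (syscall(SYS_landlock_create_ruleset, NULL, 0, LANDLOCK_CREATE_RULESET_VERSION) < 1)
        return 1;
    int fd = (int)syscall(SYS_landlock_create_ruleset, &attr, sizeof(attr), 0);
    if (fd < 0)
        return -1;
    int rc = -1;
    if (allow_beneath(fd, ro_dir, FS_READ) == 0 &&
        allow_beneath(fd, rw_dir, FS_READ | FS_WRITE) == 0 &&
        prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == 0 && /* needed without CAP_SYS_ADMIN */
        syscall(SYS_landlock_restrict_self, fd, 0) == 0)
        rc = 0; /* cannot be undone; child processes inherit the restriction */
    close(fd);
    return rc;
}

int main(void)
{
    return landlock_confine("/var/www/html", "/tmp") < 0; /* paths from the quote */
}
```

Call the helper after the process has opened whatever it needs outside the two directories (configuration, logs, sockets); file descriptors opened earlier keep working after confinement.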