Just noticed the new "Landlock" feature in Linux.
I haven't looked deeply enough to opine on design specifics, but from a bird's-eye view: finally!
If you think about software security much, you know how frustrating it is that unprivileged processes have so few options for reducing their privileges even further.
And of course, only from inside the program can you get the most precise idea of how much you can limit your capabilities - just how little your logic needs.
So I really love seeing yet another step to the beautiful future where we can write programs that lock themselves down as much as possible.
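To make the "lock themselves down" idea concrete, here is an added example (written for this page, not code from the original post or from the Landlock project): a program that uses Landlock to confine its own filesystem access to a read-only view of /usr plus one writable scratch directory, then checks that the kernel actually enforces that policy. It talks to the kernel through raw syscalls with the ABI v1 definitions copied in, so it builds without `<linux/landlock.h>`; the scratch paths under /tmp are constructed for the demo, and the function names (`confine_fs`, `demo_self_restrict`, and so on) are this example's own, not a library API.

```c
/* Added example (not from the original post): a process that confines its own
 * filesystem access with Landlock and then checks that the kernel enforces it.
 * Raw syscalls are used; the definitions below mirror ABI v1 of
 * include/uapi/linux/landlock.h so the file builds without that header. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef __NR_landlock_create_ruleset
#define __NR_landlock_create_ruleset 444
#define __NR_landlock_add_rule       445
#define __NR_landlock_restrict_self  446
#endif
struct landlock_ruleset_attr { uint64_t handled_access_fs; };   /* ABI v1 layout */
struct landlock_path_beneath_attr { uint64_t allowed_access; int32_t parent_fd; } __attribute__((packed));
#define LANDLOCK_CREATE_RULESET_VERSION (1U << 0)
#define LANDLOCK_RULE_PATH_BENEATH      1
#define LANDLOCK_ACCESS_FS_EXECUTE      (1ULL << 0)
#define LANDLOCK_ACCESS_FS_READ_FILE    (1ULL << 2)
#define LANDLOCK_ACCESS_FS_READ_DIR     (1ULL << 3)
#define ACCESS_FS_ALL_V1    ((1ULL << 13) - 1)   /* EXECUTE .. MAKE_SYM: every v1 right */
#define ACCESS_FS_READ_ONLY (LANDLOCK_ACCESS_FS_EXECUTE | LANDLOCK_ACCESS_FS_READ_FILE | LANDLOCK_ACCESS_FS_READ_DIR)

/* Highest Landlock ABI the kernel offers, or -errno. ENOSYS, EOPNOTSUPP and
 * EPERM (seccomp in some container runtimes) all mean "not available here". */
int landlock_abi_version(void) {
    long r = syscall(__NR_landlock_create_ruleset, NULL, 0, LANDLOCK_CREATE_RULESET_VERSION);
    return r < 0 ? -errno : (int)r;
}

static int add_path_rule(int ruleset_fd, const char *path, uint64_t allowed) {
    struct landlock_path_beneath_attr pb = { .allowed_access = allowed };
    pb.parent_fd = open(path, O_PATH | O_CLOEXEC);   /* rules are keyed on an fd, not a string */
    if (pb.parent_fd < 0) return -errno;
    int err = syscall(__NR_landlock_add_rule, ruleset_fd, LANDLOCK_RULE_PATH_BENEATH, &pb, 0) ? -errno : 0;
    close(pb.parent_fd);
    return err;
}

/* Confine the calling thread to read-only access beneath each ro path and full
 * v1 access beneath each rw path; everything else on the filesystem is denied.
 * Returns 0 once enforced, 1 if Landlock is unavailable on this kernel, or -errno. */
int confine_fs(const char *const *ro, size_t n_ro, const char *const *rw, size_t n_rw) {
    int abi = landlock_abi_version();
    if (abi == -ENOSYS || abi == -EOPNOTSUPP || abi == -EPERM) return 1;
    if (abi < 0) return abi;
    struct landlock_ruleset_attr attr = { .handled_access_fs = ACCESS_FS_ALL_V1 };
    int rs = (int)syscall(__NR_landlock_create_ruleset, &attr, sizeof attr, 0);
    if (rs < 0) return -errno;
    int err = 0;
    for (size_t i = 0; !err && i < n_ro; i++) err = add_path_rule(rs, ro[i], ACCESS_FS_READ_ONLY);
    for (size_t i = 0; !err && i < n_rw; i++) err = add_path_rule(rs, rw[i], ACCESS_FS_ALL_V1);
    /* no_new_privs is mandatory for an unprivileged restrict_self: it closes the setuid-exec escape. */
    if (!err && prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) err = -errno;
    if (!err && syscall(__NR_landlock_restrict_self, rs, 0)) err = -errno;
    close(rs);
    return err;
}

/* Creates two constructed scratch dirs under /tmp, then forks: the child locks
 * itself down to /usr (read-only) plus the first dir and probes the policy.
 * Returns 1 if every probe behaved as the policy dictates, 2 if Landlock is
 * unavailable, or a negative code on setup or probe failure. */
int demo_self_restrict(void) {
    char allowed[] = "/tmp/ll-allowed-XXXXXX", denied[] = "/tmp/ll-denied-XXXXXX", p[64];
    if (!mkdtemp(allowed)) return -errno;
    if (!mkdtemp(denied)) { int e = errno; rmdir(allowed); return -e; }
    pid_t pid = fork();
    if (pid == 0) {
        const char *ro[] = { "/usr" }, *rw[] = { allowed };
        int r = confine_fs(ro, 1, rw, 1);
        if (r) _exit(r == 1 ? 2 : 10);
        snprintf(p, sizeof p, "%s/ok.txt", allowed);            /* beneath the rw dir: allowed */
        int fd = open(p, O_WRONLY | O_CREAT | O_CLOEXEC, 0600);
        if (fd < 0) _exit(11);
        close(fd);
        snprintf(p, sizeof p, "%s/nope.txt", denied);           /* no rule covers it: EACCES */
        if (open(p, O_WRONLY | O_CREAT | O_CLOEXEC, 0600) >= 0 || errno != EACCES) _exit(12);
        fd = open("/usr", O_RDONLY | O_DIRECTORY | O_CLOEXEC);  /* read-only rule: allowed */
        if (fd < 0) _exit(13);
        _exit(1);
    }
    if (pid < 0) { int e = errno; rmdir(allowed); rmdir(denied); return -e; }
    int status = 0, werr = waitpid(pid, &status, 0) < 0 ? -errno : 0;
    /* The parent never called restrict_self, so it is still allowed to clean up. */
    snprintf(p, sizeof p, "%s/ok.txt", allowed);
    unlink(p); rmdir(allowed); rmdir(denied);
    if (werr) return werr;
    if (!WIFEXITED(status)) return -1;
    int code = WEXITSTATUS(status);
    return code < 10 ? code : -code;
}

int main(void) {
    int r = demo_self_restrict();
    if (r == 1) puts("Landlock enforced: write outside the sandbox denied with EACCES");
    else if (r == 2) puts("Landlock unavailable on this kernel; running unconfined");
    else printf("unexpected failure: %d\n", r);
    return r > 0 ? 0 : 1;
}
```

Two design points worth noticing. The restriction is applied in a forked child because a Landlock policy is inherited by descendants and can never be loosened by the thread that loaded it, so the unconfined parent is what cleans up the scratch directories. And `confine_fs` degrades explicitly when the kernel lacks Landlock (ENOSYS, EOPNOTSUPP, or EPERM from a seccomp filter) rather than failing hard, which is the pattern the kernel documentation recommends for best-effort self-sandboxing; a caller that must not run unconfined can treat the return value 1 as fatal instead.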