Bug 2103989

Summary: RFE: Consider enabling the Landlock LSM
Product: Red Hat Enterprise Linux 9 Reporter: Timothée Ravier <travier>
Component: kernelAssignee: Štěpán Horáček <shoracek>
kernel sub component: Security QA Contact: Kernel General QE <kernel-general-qe>
Status: NEW --- Docs Contact:
Severity: low    
Priority: low CC: bstinson, jwboyer, mic, onatalen, vrajput
Version: 9.2Keywords: FutureFeature, Reopened
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-07-05 17:04:19 UTC Type: Story
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Timothée Ravier 2022-07-05 13:46:39 UTC 
Feature request / new config option: Consider enabling the Landlock LSM

See:
- https://landlock.io/
- https://docs.kernel.org/security/landlock.html
- https://docs.kernel.org/userspace-api/landlock.html

It has been enabled in Fedora since the 5.13.4 kernel packages (F34 update and later).

See initial change in https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1087.