With Linux 7.0, Landlock gains the new LANDLOCK_RESTRICT_SELF_TSYNC feature. With this new flag to the landlock_restrict_self(2) system call, the Landlock policy enforcement is applied to the entire process rather than just the calling thread. (The naming is analogous to the similarly named SECCOMP_FILTER_FLAG_TSYNC flag for Seccomp-BPF.)

The old workaround

This works around Landlock’s need for libpsx in multithreaded environments. Libpsx is a user-space library which uses low-level tricker...