Comment by razighter777

Comment by razighter777 4 days ago

0 replies

View on Hacker News

You can restrict the landlock syscalls with seccomp.

I also don't think doing so is extraordinarily useful.

If you allow something in landlock, it's still subject to traditional DAC and other restrictions because its a stackable LSM. It can only restrict existing access, not allow new accesses.