landlock

About this tag
Landlock is a Linux security module that allows unprivileged processes to define file system access policies, constraining their own file operations. A recent thread on WindowsForum.com discusses CVE-2025-68736, a kernel fix addressing a Landlock bug related to disconnected directories. The vulnerability could allow access-right widening when processes interact with files or directories that have become disconnected from a bind-mount point. The fix ensures proper handling of such disconnected directories, maintaining the intended sandboxing behavior. This topic is relevant for Linux users and administrators interested in kernel security, sandboxing, and access control mechanisms.
  1. CVE-2025-68736: Landlock Disconnected Directory Fix in Linux Kernel

    The Linux kernel CVE-2025-68736 addresses a subtle Landlock sandboxing bug: landlock: Fix handling of disconnected directories, a behavior change intended to prevent access-right widening when processes interact with files or directories that have become disconnected from a bind-mount point...