Module polkadot_node_core_pvf_common::worker::security::landlock

The landlock docs say it best:

“Landlock is a security feature available since Linux 5.13. The goal is to enable to restrict ambient rights (e.g., global filesystem access) for a set of processes by creating safe security sandboxes as new security layers in addition to the existing system-wide access-controls. This kind of sandbox is expected to help mitigate the security impact of bugs, unexpected or malicious behaviors in applications. Landlock empowers any process, including unprivileged ones, to securely restrict themselves.”

Constants

• LANDLOCK_ABI
  Landlock ABI version. We use ABI V1 because:

Functions

• check_is_fully_enabled
  Runs a check for landlock and returns a single bool indicating whether the given landlock ABI is fully enabled on the current Linux environment.
• get_status
  Returns to what degree landlock is enabled with the given ABI on the current Linux environment.
• status_is_fully_enabled
  Based on the given status, returns a single bool indicating whether the given landlock ABI is fully enabled on the current Linux environment.
• try_restrict_thread
  Tries to restrict the current thread with the following landlock access controls: