
[Feature Request] Enable Landlock in Firecracker guest kernel configs #5997

Description

@lukehinds

Feature Request

Firecracker's guest kernel CI configs currently build Linux kernels with Landlock disabled and with landlock absent from the configured LSM list.

For example, the current 6.1 guest configs include:

# CONFIG_SECURITY_LANDLOCK is not set
CONFIG_LSM="lockdown,yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor,bpf"

Describe the desired solution

Would the project consider enabling Landlock in the guest kernel configs and adding it to CONFIG_LSM?

Suggested effective configuration:

CONFIG_SECURITY_LANDLOCK=y
CONFIG_LSM="landlock,lockdown,yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor,bpf"

Additional context

Firecracker provides a strong microVM isolation boundary. Landlock enables a complementary layer inside the guest: unprivileged, process-local, kernel-enforced sandboxing that can be used by higher-level runtimes, developer tools, build systems, agent sandboxes, and application frameworks to provide fine-grained isolation.

These tools can use Landlock to reduce the authority of individual guest processes without requiring privileges, containers, or additional host configuration. This composes well with Firecracker:

  • Firecracker provides the guest/host boundary.
  • Landlock provides fine-grained in-guest restrictions for individual processes.
  • Higher-level sandboxes can enforce least privilege inside the microVM rather than relying only on the outer VM boundary.
  • This is useful for workloads that intentionally run untrusted or semi-trusted code inside a microVM but still want per-process filesystem restrictions within the guest.

The resulting behavior would be that running the following inside a Firecracker guest:

cat /sys/kernel/security/lsm

shows landlock in the output, allowing userspace to detect and use the supported Landlock ABI.

For Linux 6.1, this would enable the filesystem-oriented Landlock features available on that kernel series. Newer Landlock features that require later kernels would naturally remain unavailable until the guest kernel version is updated.

That gives Firecracker users a better default foundation for layered isolation inside the microVM, while preserving Firecracker's role as the outer isolation boundary.

Note: This request is separate from host-side jailer hardening in PR #5771. Enabling Landlock in the guest kernel does not change Firecracker's host-side security model. It simply makes a standard upstream Linux unprivileged sandboxing mechanism available to guest userspace.

I am happy to help in any way: make the pull request, ensure test coverage, documentation, etc.

Checks

  • Have you searched the Firecracker Issues database for similar requests?
  • Have you read all the existing relevant Firecracker documentation?
  • Have you read and understood Firecracker's core tenets?
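What guest userspace would do once landlock is in CONFIG_LSM, as an added end-to-end example (my code, not the issue author's and not part of Firecracker): the process asks the kernel for its Landlock ABI version, masks the handled filesystem rights to what that ABI supports (a 6.1 guest reports ABI 2), and then confines itself to read-only access below one directory. The fallback macro values mirror include/uapi/linux/landlock.h; the read-only directory (/usr) and the probe path (/tmp/ll_probe) are placeholders, and the build assumes kernel headers 5.13 or newer (`cc -o ll_demo ll_demo.c`).

```c
#define _GNU_SOURCE /* for syscall() */
#include <fcntl.h>
#include <linux/landlock.h> /* UAPI header, kernel headers >= 5.13 */
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>
#ifndef LANDLOCK_ACCESS_FS_REFER /* pre-5.19 UAPI headers; values as in linux/landlock.h */
#define LANDLOCK_ACCESS_FS_REFER (1ULL << 13)
#endif
#ifndef LANDLOCK_ACCESS_FS_TRUNCATE /* pre-6.2 headers */
#define LANDLOCK_ACCESS_FS_TRUNCATE (1ULL << 14)
#endif

/* Filesystem rights enforceable for a Landlock ABI version: v1 (5.13) is the base set,
 * v2 (5.19) adds REFER, v3 (6.2) adds TRUNCATE. A 6.1 guest kernel reports v2, so
 * TRUNCATE is left out there; asking the kernel to handle an unknown right fails with EINVAL. */
__u64 fs_rights_for_abi(int abi) {
    __u64 r = LANDLOCK_ACCESS_FS_EXECUTE | LANDLOCK_ACCESS_FS_WRITE_FILE |
        LANDLOCK_ACCESS_FS_READ_FILE | LANDLOCK_ACCESS_FS_READ_DIR | LANDLOCK_ACCESS_FS_REMOVE_DIR |
        LANDLOCK_ACCESS_FS_REMOVE_FILE | LANDLOCK_ACCESS_FS_MAKE_CHAR | LANDLOCK_ACCESS_FS_MAKE_DIR |
        LANDLOCK_ACCESS_FS_MAKE_REG | LANDLOCK_ACCESS_FS_MAKE_SOCK | LANDLOCK_ACCESS_FS_MAKE_FIFO |
        LANDLOCK_ACCESS_FS_MAKE_BLOCK | LANDLOCK_ACCESS_FS_MAKE_SYM;
    if (abi >= 2) r |= LANDLOCK_ACCESS_FS_REFER;
    if (abi >= 3) r |= LANDLOCK_ACCESS_FS_TRUNCATE;
    return r;
}

/* Confine the calling (unprivileged) process to read-only access below ro_dir. Returns 0 on success,
 * -1 if Landlock is unavailable (ENOSYS: not built; EOPNOTSUPP: not in CONFIG_LSM) or a step fails. */
int restrict_to_readonly(const char *ro_dir) {
    long abi = syscall(__NR_landlock_create_ruleset, NULL, 0, LANDLOCK_CREATE_RULESET_VERSION);
    if (abi < 0) { perror("landlock_create_ruleset(VERSION)"); return -1; }
    struct landlock_ruleset_attr attr = { .handled_access_fs = fs_rights_for_abi((int)abi) };
    int ruleset = syscall(__NR_landlock_create_ruleset, &attr, sizeof attr, 0);
    struct landlock_path_beneath_attr rule = {
        .allowed_access = LANDLOCK_ACCESS_FS_READ_FILE | LANDLOCK_ACCESS_FS_READ_DIR,
        .parent_fd = open(ro_dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC) };
    if (ruleset < 0 || rule.parent_fd < 0 ||
        syscall(__NR_landlock_add_rule, ruleset, LANDLOCK_RULE_PATH_BENEATH, &rule, 0) ||
        prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) || /* mandatory before landlock_restrict_self */
        syscall(__NR_landlock_restrict_self, ruleset, 0)) { perror("landlock setup"); return -1; }
    close(rule.parent_fd); close(ruleset);
    return 0;
}
int main(void) { /* demo: once enforced, creating a file outside /usr fails with EACCES */
    if (restrict_to_readonly("/usr")) return 1;
    puts(open("/tmp/ll_probe", O_WRONLY | O_CREAT, 0600) < 0 ? "write outside /usr denied" : "NOT denied");
    return 0;
}
```

On a guest built from the current configs the first syscall fails before any rule is installed, which is exactly the gap this request closes.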
