We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

Backward and forward compatibility for security features

Formal Metadata

Title
Backward and forward compatibility for security features
Title of Series
Number of Parts
542
Author
License
CC Attribution 2.0 Belgium:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
Application developers working and testing with a specific kernel version should be able to easily control their application compatibility behavior with previous (and future) kernel versions as well. We developed a Landlock library (for security sandboxing purpose) that protects users as much as possible while making the work of application developers easier and safer. This talk gives feedback about the development of a security library that needs to deal with backward and forward compatibility, because of security features tied to specific kernel versions, handling different use cases in a safe and secure way. We explain patterns that we used to make it possible to fine tune the requested (optional) features while providing a safe default behavior. For simple use cases, the idea is to provide a best-effort security approach for potentially unsupported kernel features: use available features and ignore others. However, in more complex use cases, we may want to make some features depend on others. We may also want to handle errors differently based on unsupported features.