Landlock is a proposal for a new Linux Security Module (LSM) to create secure sandboxes with the goal “to empower any process, including unprivileged ones, to securely restrict themselves.” This presentation will give an overview on what Landlock is, discuss the current status of the patchset and demonstrate how Landlock works, as well as its differences compared to other Linux security modules.

BPF is a Linux in-kernel virtual machine that is used for networking, tracing, seccomp and more. This talk will give an introduction to the extended BPF subsystem in Linux, an overview on how it works, show available tools to work with and explain possibilities as well as limits.