News from #sydbox #git: #Landlock compatibility levels are now supported with the "default/lock" option. Default compat level has been changed from "best-effort" to "hard-requirement" to adhere to the principle of secure defaults. Our standalone #Landlock utility syd-lock learned "-C" option to interface with compat levels. ENOENT, aka "No such file or directory" errors during sandbox setup are now fatal unless compat level has been set to "best-effort". #linux #security https://man.exherbo.org/syd-lock.1.html