Linux kernel ‘lockdown’ feature

After years of countless reviews, discussions, and code rewrites, Linus Torvalds approved on Saturday a new security feature for the Linux kernel, named “lockdown.”

The new feature will ship as a LSM (Linux Security Module) in the soon-to-be-released Linux kernel 5.4 branch, where it will be turned off by default; usage being optional due to the risk of breaking existing systems.

PUTTING A LEASH ON THE ROOT ACCOUNT

The new feature’s primary function will be to strengthen the divide between userland processes and kernel code by preventing even the root account from interacting with kernel code — something that it’s been able to do, by design, until now.

When enabled, the new “lockdown” feature will restrict some kernel functionality, even for the root user, making it harder for compromised root accounts to compromise the rest of the OS.

“The lockdown module is intended to allow for kernels to be locked down early in [the] boot [process],” said Matthew Garrett, the Google engineer who proposed the feature a few years back.

By Catalin Cimpanu

September 29, 2019

Click here to read the full article on ZDNet

More Posts

May 11 through 14, 2026

This week I will be working on completing adding pages to the bbn-net.com website. I will also be working on my online courses. The information

May 04 through 07, 2026

This week I will be preparing the April monthly report, This week I will be monitoring the bbn-net.com website to improve the SEO performance of

April 27 through 30, 2026

This week I will be preparing for the end of month. This week I will be preparing for the end of month. I will be

April 20 through 23, 2026

This week I will be adding pages and content to the bbn-net.com website. These additions will have no impact on site functions but will simply