Explore the intricacies of Landlock, a security sandboxing mechanism, in this 29-minute conference talk by Mickaël Salaün from Microsoft. Delve into the fundamentals of security sandboxing, understand Landlock's purpose and functionality, and learn how to implement it effectively. Discover current access-control features for filesystems, the process of creating rulesets, adding rules, and enforcing them. Gain insights into Landlock's development history, design priorities, and guiding principles, including unprivileged access control and composed security policies. Examine the concept of LSM stacking, sandbox policy composition, and the importance of user space testing and kernel fuzzing. Understand the Minimum Viable Product approach, design limitations, and get a glimpse of the kernel-side roadmap for Landlock's future development.