Security Model

Defense in depth — from syscall filtering to hardware isolation.

Landlock LSM

Volt uses Landlock (Linux Security Module) to restrict filesystem access for every workload. Unlike traditional MAC systems, Landlock is stackable, unprivileged, and requires no system-wide configuration.

# Example Landlock policy (auto-generated)
{
  "fs_read": ["/usr", "/etc/ssl", "/var/data"],
  "fs_write": ["/var/data", "/tmp"],
  "fs_execute": ["/usr/bin", "/usr/sbin"],
  "net_bind": [80, 443],
  "net_connect": [5432, 6379]
}

Volt auto-generates Landlock policies based on workload analysis. You can also define custom policies.
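The following C program is an added illustration of how a policy shaped like the one above can be turned into a Landlock ruleset and enforced; it is not Volt's code, and the mapping of fs_read/fs_write/fs_execute onto Landlock access rights is an assumption (the page does not document Volt's real mapping). It covers only the filesystem part of the policy: net_bind/net_connect correspond to Landlock's TCP port rules, which exist only from Landlock ABI 4 (Linux 6.7) on. The UAPI constants are copied from linux/landlock.h so the program builds with older headers, and the handled-rights set is trimmed to what the running kernel's ABI version understands, which is the usual way to stay compatible across kernels.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Landlock UAPI values copied from <linux/landlock.h>, so this builds even with
 * older kernel headers. The three syscall numbers are identical on every arch. */
#ifndef __NR_landlock_create_ruleset
#define __NR_landlock_create_ruleset 444
#define __NR_landlock_add_rule       445
#define __NR_landlock_restrict_self  446
#endif
#define LL_CREATE_RULESET_VERSION (1U << 0)
#define LL_RULE_PATH_BENEATH      1
#define LL_FS_EXECUTE     (1ULL << 0)
#define LL_FS_WRITE_FILE  (1ULL << 1)
#define LL_FS_READ_FILE   (1ULL << 2)
#define LL_FS_READ_DIR    (1ULL << 3)
#define LL_FS_REMOVE_DIR  (1ULL << 4)
#define LL_FS_REMOVE_FILE (1ULL << 5)
#define LL_FS_MAKE_DIR    (1ULL << 7)
#define LL_FS_MAKE_REG    (1ULL << 8)
#define LL_FS_REFER       (1ULL << 13)  /* ABI 2, Linux 5.19 */
#define LL_FS_TRUNCATE    (1ULL << 14)  /* ABI 3, Linux 6.2 */
#define LL_FS_IOCTL_DEV   (1ULL << 15)  /* ABI 5, Linux 6.10 */
struct ll_ruleset_attr { uint64_t handled_access_fs; };
struct ll_path_beneath_attr { uint64_t allowed_access; int32_t parent_fd; } __attribute__((packed));

/* Assumed mapping from the policy's fs_read/fs_write/fs_execute lists onto
 * Landlock rights (Volt's real mapping is not documented on this page). */
#define LL_SET_READ    (LL_FS_READ_FILE | LL_FS_READ_DIR)
#define LL_SET_WRITE   (LL_FS_WRITE_FILE | LL_FS_REMOVE_DIR | LL_FS_REMOVE_FILE | \
                        LL_FS_MAKE_DIR | LL_FS_MAKE_REG | LL_FS_REFER | LL_FS_TRUNCATE)
#define LL_SET_EXECUTE (LL_FS_EXECUTE | LL_FS_READ_FILE | LL_FS_READ_DIR)

/* The page's example policy, flattened to (path, rights) pairs. */
struct ll_entry { const char *path; uint64_t rights; };
static const struct ll_entry POLICY[] = {
    { "/usr", LL_SET_READ }, { "/etc/ssl", LL_SET_READ }, { "/var/data", LL_SET_READ },
    { "/var/data", LL_SET_WRITE }, { "/tmp", LL_SET_WRITE },
    { "/usr/bin", LL_SET_EXECUTE }, { "/usr/sbin", LL_SET_EXECUTE },
};
#define POLICY_LEN (sizeof(POLICY) / sizeof(POLICY[0]))

/* Rights the running kernel's Landlock ABI knows about. Asking the kernel to
 * handle a right it does not know makes landlock_create_ruleset fail (EINVAL). */
uint64_t ll_fs_rights_for_abi(int abi)
{
    uint64_t rights = (1ULL << 13) - 1;              /* ABI 1: EXECUTE .. MAKE_SYM */
    if (abi >= 2) rights |= LL_FS_REFER;
    if (abi >= 3) rights |= LL_FS_TRUNCATE;
    if (abi >= 5) rights |= LL_FS_IOCTL_DEV;
    return rights;
}

/* A path listed under several keys gets the union of their rights (Landlock
 * merges rules added for the same directory the same way). */
uint64_t ll_rights_for_path(const char *path)
{
    uint64_t rights = 0;
    for (size_t i = 0; i < POLICY_LEN; i++)
        if (strcmp(POLICY[i].path, path) == 0) rights |= POLICY[i].rights;
    return rights;
}

/* Enforce POLICY on the calling process. Returns 0 on success, -1 if Landlock
 * is absent (ENOSYS) or disabled at boot (EOPNOTSUPP), -2 on other errors.
 * The caller decides whether -1 must be treated as fatal for this workload. */
int ll_apply_policy(void)
{
    int abi = (int)syscall(__NR_landlock_create_ruleset, NULL, 0, LL_CREATE_RULESET_VERSION);
    if (abi < 0) return -1;
    uint64_t handled = ll_fs_rights_for_abi(abi);
    struct ll_ruleset_attr attr = { .handled_access_fs = handled };
    int rs = (int)syscall(__NR_landlock_create_ruleset, &attr, sizeof(attr), 0);
    if (rs < 0) return -2;
    for (size_t i = 0; i < POLICY_LEN; i++) {
        struct ll_path_beneath_attr pb = {
            .allowed_access = ll_rights_for_path(POLICY[i].path) & handled, /* must be a subset of handled */
            .parent_fd = open(POLICY[i].path, O_PATH | O_CLOEXEC),
        };
        if (pb.parent_fd < 0) continue;              /* path missing on this host: nothing to grant */
        int r = (int)syscall(__NR_landlock_add_rule, rs, LL_RULE_PATH_BENEATH, &pb, 0);
        close(pb.parent_fd);
        if (r) { close(rs); return -2; }
    }
    /* No-new-privs is mandatory before restrict_self and keeps the sandbox across execve */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) { close(rs); return -2; }
    int r = (int)syscall(__NR_landlock_restrict_self, rs, 0);
    close(rs);
    return r ? -2 : 0;
}

int main(void)
{
    int rc = ll_apply_policy();
    if (rc == -1) { fputs("Landlock is not available on this kernel\n", stderr); return 1; }
    if (rc == -2) { perror("landlock"); return 1; }
    /* /etc/ssl is covered by a rule; /etc/hostname is not, so it fails with EACCES */
    printf("open(/etc/ssl): %s\n", open("/etc/ssl", O_RDONLY) < 0 ? strerror(errno) : "ok");
    printf("open(/etc/hostname): %s\n", open("/etc/hostname", O_RDONLY) < 0 ? strerror(errno) : "ok");
    return 0;
}
```

Two details matter in practice: the rights granted for a path must be a subset of the rights the ruleset handles, otherwise landlock_add_rule fails, and a -1 from ll_apply_policy means the kernel offers no Landlock at all, so a runtime that relies on it for isolation should refuse to start the workload rather than silently run it unsandboxed.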

Seccomp Filtering

Every container runs with a seccomp filter that restricts available syscalls. The default profile blocks dangerous syscalls like mount, reboot, kexec_load, and ptrace while allowing the ~200 syscalls needed for typical applications.
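As an added example (not Volt's profile or code), the C program below builds a classic-BPF seccomp filter that returns EPERM for the four syscalls named above and allows everything else, checks the architecture first so that a different syscall ABI cannot slip numbers past the filter, and includes a small interpreter for the three instruction kinds it emits so the filter's decisions can be checked before it is installed. A real default profile is an allow-list of the syscalls an application needs; the deny-list here only keeps the example short. The SC_ARCH, DENIED and sc_* names are this example's own.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#ifndef SECCOMP_RET_KILL_PROCESS            /* added in Linux 4.14 headers */
#define SECCOMP_RET_KILL_PROCESS 0x80000000U
#endif
#ifndef SECCOMP_RET_ACTION_FULL
#define SECCOMP_RET_ACTION_FULL  0xffff0000U
#endif
#if defined(__x86_64__)
#define SC_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define SC_ARCH AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* value for this architecture"
#endif

/* The syscalls the page names as blocked. A production profile is an
 * allow-list of the ~200 needed syscalls; a deny-list keeps this example short. */
static const int DENIED[] = { __NR_mount, __NR_reboot, __NR_kexec_load, __NR_ptrace };
#define DENIED_LEN (sizeof(DENIED) / sizeof(DENIED[0]))

/* Instructions needed for a deny-list of n syscalls: 4 for the arch check
 * and nr load, 2 per denied syscall, 1 for the final allow. */
size_t sc_filter_len(size_t n) { return 4 + 2 * n + 1; }

/* Emit classic BPF: kill on an unexpected arch (a different ABI uses different
 * syscall numbers, so the nr check alone would be meaningless), then EPERM for
 * each denied syscall, allow otherwise. Returns the instruction count, 0 if
 * the output buffer is too small. */
size_t sc_build_filter(struct sock_filter *out, size_t cap, const int *denied, size_t n)
{
    size_t i = 0;
    if (cap < sc_filter_len(n)) return 0;
    out[i++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch));
    out[i++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SC_ARCH, 1, 0);
    out[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS);
    out[i++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr));
    for (size_t d = 0; d < n; d++) {
        /* nr == denied[d]: fall through to the EPERM return; otherwise skip it */
        out[i++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (uint32_t)denied[d], 0, 1);
        out[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA));
    }
    out[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    return i;
}

/* Interpreter for the three instruction kinds used above, so a filter can be
 * checked offline before it is installed. Returns the SECCOMP_RET_* value. */
uint32_t sc_eval(const struct sock_filter *p, size_t len, uint32_t arch, uint32_t nr)
{
    uint32_t acc = 0;
    for (size_t pc = 0; pc < len; pc++) {
        const struct sock_filter *in = &p[pc];
        switch (in->code) {
        case BPF_LD | BPF_W | BPF_ABS:
            acc = (in->k == offsetof(struct seccomp_data, arch)) ? arch : nr;
            break;
        case BPF_JMP | BPF_JEQ | BPF_K:
            pc += (acc == in->k) ? in->jt : in->jf;   /* the loop adds the +1 */
            break;
        case BPF_RET | BPF_K:
            return in->k;
        default:
            return SECCOMP_RET_KILL_PROCESS;     /* instruction this toy does not model */
        }
    }
    return SECCOMP_RET_KILL_PROCESS;             /* ran off the end; the kernel rejects such programs */
}

/* Build the default deny-list filter and evaluate it for one (arch, nr) pair. */
uint32_t sc_decide(uint32_t arch, uint32_t nr)
{
    struct sock_filter p[32];
    size_t n = sc_build_filter(p, 32, DENIED, DENIED_LEN);
    return sc_eval(p, n, arch, nr);
}

/* Install the filter on the calling thread; children inherit it across fork and execve. */
int sc_install(struct sock_filter *p, size_t len)
{
    struct sock_fprog prog = { .len = (unsigned short)len, .filter = p };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

int main(void)
{
    struct sock_filter p[32];
    size_t n = sc_build_filter(p, 32, DENIED, DENIED_LEN);
    if (sc_install(p, n)) { perror("seccomp"); return 1; }
    /* The filter answers before the kernel even parses mount's arguments */
    if (mount("none", "/mnt", "tmpfs", 0, NULL) < 0) printf("mount: %s\n", strerror(errno));
    puts("write(2) is still allowed");
    return 0;
}
```

Returning SECCOMP_RET_ERRNO rather than killing the process is a deliberate choice for a default profile: the application sees an ordinary EPERM and can log it, which makes a mis-tuned profile visible in application logs instead of as an unexplained SIGSYS.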

Capability Dropping

Linux capabilities are dropped by default. A Volt container starts with zero capabilities — no CAP_SYS_ADMIN, no CAP_NET_RAW, no CAP_SYS_PTRACE. Capabilities must be explicitly granted if needed.
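The C program below is an added example, not Volt's code, of the two sides of this: dropping every capability a process could hold or regain (bounding set, ambient set, then the permitted/effective/inheritable sets through capset(2)), and the check a practitioner runs inside a container to confirm the result by decoding the CapEff and CapBnd masks from /proc/self/status. The cap_* helper names are this example's own; the hex mask used in the usage note below is a constructed sample value.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <linux/capability.h>

/* Read one "CapXxx:\t<hex>" field out of /proc/<pid>/status text (the key must
 * start a line). Returns the 64-bit mask, or UINT64_MAX if the key is absent. */
uint64_t cap_mask_from_status(const char *status, const char *key)
{
    size_t klen = strlen(key);
    for (const char *p = status; (p = strstr(p, key)) != NULL; p += klen)
        if ((p == status || p[-1] == '\n') && p[klen] == ':')
            return strtoull(p + klen + 1, NULL, 16);   /* strtoull skips the tab */
    return UINT64_MAX;
}

/* Bit <cap> of a capability mask, as /proc encodes it. */
int cap_has(uint64_t mask, int cap) { return (int)((mask >> cap) & 1); }

/* Names for the capabilities the text calls out, for readable reports. */
const char *cap_name(int cap)
{
    switch (cap) {
    case CAP_SYS_ADMIN:  return "CAP_SYS_ADMIN";
    case CAP_NET_RAW:    return "CAP_NET_RAW";
    case CAP_SYS_PTRACE: return "CAP_SYS_PTRACE";
    default:             return "other";
    }
}

/* Drop every capability the process could ever regain: the bounding set
 * (needs CAP_SETPCAP, so an already-unprivileged process gets EPERM and we
 * move on), the ambient set, and finally the permitted/effective/inheritable
 * sets via capset(2). Returns 0 on success, -1 with errno set otherwise. */
int cap_drop_all(void)
{
    for (int cap = 0; ; cap++) {                   /* EINVAL marks one past the last cap */
        if (prctl(PR_CAPBSET_DROP, cap, 0, 0, 0) == 0) continue;
        if (errno == EINVAL || errno == EPERM) break;
        return -1;
    }
    if (prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_CLEAR_ALL, 0, 0, 0)) return -1;
    struct __user_cap_header_struct hdr = { .version = _LINUX_CAPABILITY_VERSION_3, .pid = 0 };
    struct __user_cap_data_struct data[2] = { { 0, 0, 0 }, { 0, 0, 0 } };
    return (int)syscall(SYS_capset, &hdr, data);
}

/* Report the capability state of the current process: the check run inside a
 * container to confirm it really starts with zero capabilities. */
int main(void)
{
    if (cap_drop_all()) perror("cap_drop_all");
    char buf[8192];
    size_t n = 0;
    FILE *f = fopen("/proc/self/status", "r");
    if (f) { n = fread(buf, 1, sizeof buf - 1, f); fclose(f); }
    buf[n] = '\0';
    uint64_t eff = cap_mask_from_status(buf, "CapEff");
    uint64_t bnd = cap_mask_from_status(buf, "CapBnd");
    printf("CapEff=%016llx CapBnd=%016llx\n", (unsigned long long)eff, (unsigned long long)bnd);
    const int watch[] = { CAP_SYS_ADMIN, CAP_NET_RAW, CAP_SYS_PTRACE };
    for (size_t i = 0; i < sizeof watch / sizeof watch[0]; i++)
        printf("%-14s effective=%d bounding=%d\n", cap_name(watch[i]),
               cap_has(eff, watch[i]), cap_has(bnd, watch[i]));
    return 0;
}
```

CapBnd is the one to watch alongside CapEff: an empty effective set with a full bounding set still lets a setuid binary or file capability re-acquire privilege after execve, which is why the drop routine clears the bounding set first and why a runtime pairs this with no-new-privs. As a constructed sample, a mask of 00000000a80425fb decodes to CAP_NET_RAW present and CAP_SYS_ADMIN and CAP_SYS_PTRACE absent.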

No Root Daemon

Docker requires a root-privileged daemon (dockerd) listening on a Unix socket. That socket is a well-documented privilege escalation vector — anyone who can write to /var/run/docker.sock effectively has root access to the host. Volt has no daemon. No socket. No escalation vector.

VM Isolation (Neutron Stardust)

For workloads that require kernel-level isolation, Neutron Stardust provides a completely separate kernel per workload via KVM. A vulnerability in the guest kernel cannot affect the host — unlike containers, which share the host kernel.

When to use VMs over containers: Multi-tenant environments, untrusted code execution, regulated industries (PCI-DSS, HIPAA, SOC 2), or any workload where a kernel CVE is an unacceptable risk.

Container vs VM Isolation

Threat            | Container                  | Neutron Stardust VM
Kernel CVE escape | Vulnerable (shared kernel) | Isolated (separate kernel)
Filesystem escape | Blocked (Landlock)         | Blocked (separate rootfs)
Syscall exploit   | Filtered (seccomp)         | Isolated (separate kernel)
Network sniffing  | Namespaced                 | Separate virtual NIC