diff --git a/changelog/changes/2024-07-29-landlock.md b/changelog/changes/2024-07-29-landlock.md
new file mode 100644
index 0000000000..3c56dcda3c
--- /dev/null
+++ b/changelog/changes/2024-07-29-landlock.md
@@ -0,0 +1 @@
+- The kernel security module Landlock is now enabled for programs to sandbox themselves ([flatcar/scripts#2158](https://github.com/flatcar/scripts/pull/2158))
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-6.6 b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-6.6
index c676bdc88e..285289282d 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-6.6
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-6.6
@@ -424,7 +424,7 @@ CONFIG_LIBFCOE=m
 # CONFIG_LOCALVERSION_AUTO is not set
 CONFIG_LOG_BUF_SHIFT=18
 CONFIG_LOOPBACK_TARGET=m
-CONFIG_LSM="lockdown,yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor"
+CONFIG_LSM="landlock,lockdown,yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor"
 CONFIG_LWTUNNEL=y
 CONFIG_MACVLAN=m
 CONFIG_MACVTAP=m
@@ -821,6 +821,7 @@ CONFIG_SCSI_SYM53C8XX_2=m
 CONFIG_SCSI_VIRTIO=m
 CONFIG_SCTP_COOKIE_HMAC_SHA1=y
 CONFIG_SECURITY=y
+CONFIG_SECURITY_LANDLOCK=y
 CONFIG_SECURITY_LOCKDOWN_LSM=y
 CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
 CONFIG_SECURITY_NETWORK=y
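Review bot: The new `CONFIG_LSM` value only sets the built-in default list, so a machine booted with an explicit `lsm=` kernel parameter that omits `landlock` will still have Landlock inactive even though it is compiled in. The changelog entry says Landlock "is now enabled" without that caveat. I would extend it with something like `(systems booting with a custom lsm= kernel parameter must add landlock to that list)`. Whether any Flatcar image or documented setup passes `lsm=` cannot be seen from this diff, so please confirm.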
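Review bot: Nothing visible in this diff verifies that Landlock is actually active on the built image, and `CONFIG_SECURITY_LANDLOCK=y` is only effective together with the `CONFIG_LSM` entry changed in the previous hunk. An image test asserting that `landlock` appears in `/sys/kernel/security/lsm` would catch a regression in either setting. Since this is the 6.6 config, the changelog could also note that only filesystem access rules are available on this kernel, because TCP bind/connect rules arrived in a later release. Programs that sandbox themselves should therefore query the supported Landlock ABI version and fall back gracefully.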