-rw-r--r-- | network/landrun/README | 20 | ||||
-rw-r--r-- | network/landrun/landrun.SlackBuild | 120 | ||||
-rw-r--r-- | network/landrun/landrun.info | 10 | ||||
-rw-r--r-- | network/landrun/slack-desc | 19 |
4 files changed, 169 insertions, 0 deletions
diff --git a/network/landrun/README b/network/landrun/README
new file mode 100644
index 0000000000..1d8e2a4252
--- /dev/null
+++ b/network/landrun/README
@@ -0,0 +1,20 @@
+landrun (secure sandbox for running Linux processes using Landlock)
+
+landrun is a lightweight, secure sandbox for running Linux processes
+using Landlock. Think firejail, but with kernel-level security and
+minimal overhead.
+
+Linux Landlock is a kernel-native security module that lets unprivileged
+processes sandbox themselves.
+
+landrun makes it practical to sandbox any command with fine-grained
+filesystem and network access controls. No root, containers, or
+SELinux/AppArmor configs needed.
+
+It’s lightweight, auditable, and wraps Landlock v5 features (file
+access and TCP restrictions).
+
+To check Landlock support, look for CONFIG_SECURITY_LANDLOCK=y in your
+kernel config. Run grep CONFIG_SECURITY_LANDLOCK /boot/config as root.
+If it returns CONFIG_SECURITY_LANDLOCK=y, Landlock is enabled.
+
diff --git a/network/landrun/landrun.SlackBuild b/network/landrun/landrun.SlackBuild
new file mode 100644
index 0000000000..8a0ffea275
--- /dev/null
+++ b/network/landrun/landrun.SlackBuild
@@ -0,0 +1,120 @@
+#!/bin/bash
+#
+# DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
+# Version 2, December 2004
+#
+# Copyright (C) 2004 Sam Hocevar <sam@hocevar.net>
+#
+# Everyone is permitted to copy and distribute verbatim or modified
+# copies of this license document, and changing it is allowed as long
+# as the name is changed.
+#
+# DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
+# TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+#
+#
+# 0. You just DO WHAT THE FUCK YOU WANT TO.
+#
+# SlackBuild script for landrun
+# =============================
+# By: r1w1s1 (https://fosstodon.org/@r1w1s1)
+# For: landrun
+# Descr: secure sandbox for running Linux processes using Landlock
+# URL:
+# Changelog:
+# v0.1.12: 25/Mar/2025 by r1w1s1 - Initial build from sources.
+
+cd $(dirname $0) ; CWD=$(pwd)
+
+# improves robustness, error handling, and security
+set -euo pipefail
+IFS=$'\n\t'
+
+PRGNAM=landrun
+VERSION=${VERSION:-0.1.12}
+BUILD=${BUILD:-1}
+TAG=${TAG:-_SBo}
+PKGTYPE=${PKGTYPE:-tgz}
+ARCH=${ARCH:-}
+PRINT_PACKAGE_NAME=${PRINT_PACKAGE_NAME:-}
+
+# Automatically determine the architecture
+if [ -z "$ARCH" ]; then
+ case "$(uname -m)" in
+ i?86) ARCH=i586 ;;
+ arm*) ARCH=arm ;;
+ *) ARCH=$(uname -m) ;;
+ esac
+fi
+
+TMP=${TMP:-/tmp/SBo}
+PKG=${TMP}/package-${PRGNAM}
+OUTPUT=${OUTPUT:-/tmp}
+
+if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
+ echo "$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.$PKGTYPE"
+ exit 0
+fi
+
+rm -rf "$PKG"
+mkdir -p "$TMP" "$PKG" "$OUTPUT"
+cd "$TMP"
+
+if [ "$ARCH" = "i586" ]; then
+ SLKCFLAGS="-O2 -march=i586 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "i686" ]; then
+ SLKCFLAGS="-O2 -march=i686 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+ LIBDIRSUFFIX="64"
+elif [ "$ARCH" = "aarch64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+ LIBDIRSUFFIX="64"
+else
+ SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+fi
+
+rm -rf $PKG
+mkdir -p $TMP $PKG $OUTPUT
+cd $TMP
+rm -rf $PRGNAM-$VERSION
+
+rm -rf ${PRGNAM}-${VERSION}
+tar xvf $CWD/${PRGNAM}-${VERSION}.tar.gz
+cd ${PRGNAM}-${VERSION}
+
+# Set permissions
+chown -R root:root .
+find -L . \
+ \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \
+ -o -perm 511 \) -exec chmod 755 {} \; -o \
+ \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
+ -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \;
+
+# Build the binary
+go build -o landrun cmd/landrun/main.go
+
+# Install the binary to /usr/bin
+mkdir -p $PKG/usr/bin
+install -m 0755 landrun $PKG/usr/bin/landrun
+
+# Strip binaries
+find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \
+ | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true
+
+# Copy documentation (if any exists)
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
+cp -a README.md LICENSE $PKG/usr/doc/$PRGNAM-$VERSION 2>/dev/null || true
+cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
+
+# Create slack-desc
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+
+# Build the package
+cd $PKG
+/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.$PKGTYPE
+
diff --git a/network/landrun/landrun.info b/network/landrun/landrun.info
new file mode 100644
index 0000000000..5400181375
--- /dev/null
+++ b/network/landrun/landrun.info
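Review bot: `go build -o landrun cmd/landrun/main.go` has nothing that keeps the root-run build offline: landrun.info lists only the upstream source tarball, so if the project has Go module dependencies (its go.mod is not visible here) the toolchain would download them during the build, and the MD5SUM covers none of that. Consider adding a vendored-modules archive as a second DOWNLOAD/MD5SUM pair and building with `go build -mod=vendor -trimpath -o landrun ./cmd/landrun`, which also compiles the whole package rather than one file. Separately, the unquoted `rm -rf $PKG` / `mkdir -p $TMP $PKG $OUTPUT` / `cd $TMP` lines after the SLKCFLAGS chain repeat the quoted block above them, and `cd $(dirname $0) ; CWD=$(pwd)` runs before `set -euo pipefail`, so a failed `cd` there is not caught. Dropping the duplicate block and moving the `set` line above the first `cd` would make the later `rm -rf` calls fail closed.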
@@ -0,0 +1,10 @@
+PRGNAM="landrun"
+VERSION="0.1.12"
+HOMEPAGE="https://github.com/Zouuup/landrun"
+DOWNLOAD="https://github.com/Zouuup/landrun/archive/v0.1.12/landrun-0.1.12.tar.gz"
+MD5SUM="6ca2d2bc982438d9d39e1759186878bb"
+DOWNLOAD_x86_64=""
+MD5SUM_x86_64=""
+REQUIRES="google-go-lang"
+MAINTAINER="r1w1s1"
+EMAIL="r1w1s1@fastmail.com"
diff --git a/network/landrun/slack-desc b/network/landrun/slack-desc
new file mode 100644
index 0000000000..596338fa9b
--- /dev/null
+++ b/network/landrun/slack-desc
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description.
+# Line up the first '|' above the ':' following the package name, and the '|'
+# on the right side marks the last column you should put a character in. You
+# must make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':'.
+
+ |-----handy-ruler------------------------------------------------------|
+landrun: landrun (A Go-based tool)
+landrun:
+landrun: landrun is a tool written in Go. (Add specific description here based
+landrun: on the project's purpose once clarified from the GitHub repo.)
+landrun:
+landrun: Homepage: https://github.com/Zouuup/landrun
+landrun:
+landrun:
+landrun:
+landrun:
+landrun: |
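Review bot: The slack-desc still carries template placeholder text: the title `landrun: landrun (A Go-based tool)` and the two body lines beginning `landrun is a tool written in Go. (Add specific description here based` would be shown as the package description at install time. The README added in this same commit already has the wording, so the title could read `landrun: landrun (sandbox for Linux processes using Landlock)`, with the body stating that it restricts filesystem and TCP access through Landlock. For a sandboxing tool, an accurate description helps an administrator know what the installed binary is for.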