landrun (secure sandbox for running Linux processes using Landlock)

landrun is a lightweight, secure sandbox for running Linux processes
using Landlock. Think firejail, but with kernel-level security and
minimal overhead.

Linux Landlock is a kernel-native security module that lets unprivileged
processes sandbox themselves.

landrun makes it practical to sandbox any command with fine-grained
filesystem and network access controls. No root, containers, or
SELinux/AppArmor configs needed.

It’s lightweight, auditable, and wraps Landlock v5 features (file
access and TCP restrictions).

To check Landlock support, look for CONFIG_SECURITY_LANDLOCK=y in your
kernel config. Run grep CONFIG_SECURITY_LANDLOCK /boot/config as root.
If it returns CONFIG_SECURITY_LANDLOCK=y, Landlock is enabled.