blob: 1d8e2a42527c1d33dc22dcfbcef2aeb1814fbf90 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
landrun (secure sandbox for running Linux processes using Landlock)
landrun is a lightweight, secure sandbox for running Linux processes
using Landlock. Think firejail, but with kernel-level security and
minimal overhead.
Linux Landlock is a kernel-native security module that lets unprivileged
processes sandbox themselves.
landrun makes it practical to sandbox any command with fine-grained
filesystem and network access controls. No root, containers, or
SELinux/AppArmor configs needed.
It’s lightweight, auditable, and wraps Landlock v5 features (file
access and TCP restrictions).
To check Landlock support, look for CONFIG_SECURITY_LANDLOCK=y in your
kernel config. Run grep CONFIG_SECURITY_LANDLOCK /boot/config as root.
If it returns CONFIG_SECURITY_LANDLOCK=y, Landlock is enabled.
|
