Landrun: Sandbox any Linux process using Landlock, no root or containers


Run any Linux process in a secure, unprivileged sandbox using Landlock LSM. Think firejail, but lightweight, user-friendly, and baked into the kernel. - Zouuup/landrun

- You must explicitly add the path to the command you want to run with the --ro flag
- For system commands, you typically need to include /usr/bin, /usr/lib, and other system directories
- When using --exec, you still need to specify the directories containing executables with --ro
- Network restrictions require Linux kernel 6.8 or later with Landlock ABI v5
- The --best-effort flag allows graceful degradation on older kernels that don't support all requested restrictions

| Feature | Minimum Kernel Version | Landlock ABI Version |
|---|---|---|
| Basic filesystem sandboxing | 5.13 | 1 |
| File referring/reparenting control | 5.17 | 2 |
| File truncation control | 6.1 | 3 |
| Network TCP restrictions | 6.8 | 5 |

If you receive "permission denied" or similar errors:

- Ensure you've added all necessary paths with --ro or --rw
- Try running with --log-level debug to see detailed permission information
- Check that Landlock is supported and enabled on your system:
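
The first three notes say that the command's own directory and the system library directories must be granted with --ro. The script below is an added example, not code from the landrun project, that derives that directory set for a dynamically linked command; only the --ro flag comes from the page, the function names are hypothetical, and paths are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example: work out which directories a command needs read access to,
# printed as "--ro <dir>" arguments. Function names are hypothetical.

# Read `ldd` output on stdin and print the unique parent directory of every
# absolute library path. Handles both "name => /path (addr)" and
# "/path (addr)" lines; vdso and "not found" lines carry no path and are skipped.
ro_dirs_from_ldd() {
    awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ "^/") {
                p = $i; sub("/[^/]*$", "", p)
                print (p == "" ? "/" : p); break
            }
    }' | LC_ALL=C sort -u
}

# Print --ro arguments for one command: the directory of the resolved binary
# plus the directories of the shared libraries ldd reports for it.
# ldd may run the target's loader, so use it only on binaries you trust.
# Libraries loaded later with dlopen(), config files and data files are not
# listed here and still have to be granted by hand.
ro_args_for() {
    bin=$(command -v "$1") || { echo "not found: $1" >&2; return 1; }
    case "$bin" in
        /*) ;;
        *) echo "not a file on PATH (builtin or alias): $1" >&2; return 1 ;;
    esac
    bin=$(readlink -f "$bin")   # follow symlinks such as /bin -> /usr/bin
    { dirname "$bin"; ldd "$bin" 2>/dev/null | ro_dirs_from_ldd; } |
        LC_ALL=C sort -u | sed 's/^/--ro /' | tr '\n' ' '
}
```

Calling `ro_args_for ls` prints a starting set of arguments to review and trim before passing them to landrun; if the sandboxed command still fails, --log-level debug shows which path was denied.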
