Skip to content

cnaize/landbox

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
bin
bin
 
 
testdata
testdata
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
helper.go
helper.go
 
 
options.go
options.go
 
 
sandbox.go
sandbox.go
 
 
sandbox_test.go
sandbox_test.go
 
 

Repository files navigation

Landbox — Landlock "os/exec.Command()" replacement

package main

import "github.com/cnaize/landbox"

func main() {
	// allow only: ro="/usr", rw="/tmp"
	sandbox := landbox.NewSandbox(landbox.Paths{"/usr"}, landbox.Paths{"/tmp"}, nil)
	defer sandbox.Close()

	// deny any other directory
	output, _ := sandbox.Command("ls", "/home").CombinedOutput()

	println(string(output))
	// Executing the sandboxed command...
	// ls: cannot open directory '/home': Permission denied
}

Features:

  • Thread safe
  • Linux amd64 support
  • Linux arm64 support

Requirements:

  • Linux kernel 5.13+ (for Landlock LSM support)

About

Landbox — Landlock "os/exec.Command()" replacement

github.com/cnaize/landbox

Topics

linux security sandbox cybersecurity sandboxing lsm landlock

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases 3

v0.3.2 Latest
Mar 12, 2026
+ 2 releases

Contributors

Languages