README
¶
Landbox — Landlock "os/exec.Command()" replacement
package main
import "github.com/cnaize/landbox"
func main() {
// allow only: ro="/usr", rw="/tmp"
sandbox := landbox.NewSandbox(landbox.Paths{"/usr"}, landbox.Paths{"/tmp"}, nil)
defer sandbox.Close()
// deny any other directory
output, _ := sandbox.Command("ls", "/home").CombinedOutput()
println(string(output))
// Executing the sandboxed command...
// ls: cannot open directory '/home': Permission denied
}
Features:
- Thread safe
- Linux amd64 support
- Linux arm64 support
Requirements:
- Linux kernel 5.13+ (for Landlock LSM support)
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
View Source
var ErrInitFailed = errors.New("init failed")
Functions ¶
This section is empty.
Types ¶
type Options ¶
type Options struct {
TCPListen Ports `json:"tcp_listen" yaml:"tcp_listen"` // nil: allow all, empty: deny all
TCPConnect Ports `json:"tcp_connect" yaml:"tcp_connect"` // nil: allow all, empty: deny all
DenySockets bool `json:"deny_sockets" yaml:"deny_sockets"`
DenySignals bool `json:"deny_signals" yaml:"deny_signals"`
EnableDebug bool `json:"-" yaml:"-"`
}
Source Files
Click to show internal directories.
Click to hide internal directories.