landbox

package module
v0.2.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 1, 2026 License: MIT Imports: 10 Imported by: 1

README

Landbox — Landlock "os/exec.Command()" replacement

package main

import "github.com/cnaize/landbox"

func main() {
	// allow only: ro="/usr", rw="/tmp"
	sandbox := landbox.NewSandbox(landbox.Paths{"/usr"}, landbox.Paths{"/tmp"}, nil)
	defer sandbox.Close()

	// deny everything else
	output, _ := sandbox.Command("ls", "/home").CombinedOutput()

	println(string(output))
	// Executing the sandboxed command...
	// ls: cannot open directory '/home': Permission denied
}

Features:

  • Thread safe
  • Linux amd64 support
  • Linux arm64 support

Requirements:

  • Linux kernel 5.13+ (for Landlock LSM support)

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Options 

type Options struct {
	TCPListen   Ports
	TCPConnect  Ports
	DenySockets bool
	DenySignals bool
}

func (Options) Scope 

func (o Options) Scope() string

type Paths added in v0.2.0 

type Paths []string

func (Paths) String added in v0.2.0 

func (p Paths) String() string

type Ports 

type Ports []uint16

func (Ports) String 

func (p Ports) String() string

type Sandbox 

type Sandbox struct {
	// contains filtered or unexported fields
}

func NewSandbox 

func NewSandbox(roPaths, rwPaths Paths, options *Options) *Sandbox

func (*Sandbox) Close 

func (s *Sandbox) Close() error

func (*Sandbox) Command 

func (s *Sandbox) Command(name string, arg ...string) *exec.Cmd

func (*Sandbox) CommandContext 

func (s *Sandbox) CommandContext(ctx context.Context, name string, arg ...string) *exec.Cmd

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.