Landrun: Sandbox any Linux process using Landlock, no root or containers

github.com

518 points by Zoup 2 months ago


Zoup - 2 months ago

Linux Landlock is a kernel-native security module that lets unprivileged processes sandbox themselves - but nobody uses it because the API is ... hard!

I built `landrun`, a small CLI tool in Go, to make it practical to sandbox any command with fine-grained filesystem and network access controls. No root. No containers. No SELinux/AppArmor configs.

It's lightweight, auditable, and wraps Landlock v5 features (file access + TCP restrictions).

Demo + usage examples in the README.

Would love feedback from the HN crowd!

aucisson_masque - 2 months ago

Would that make it feasible (in the long term) to have a macOS-like permission manager, like «do you want Terminal to access the Documents folder?», on Linux?

As a very average user, that’s the kind of thing I miss on windows and Linux.

Because I installed Google Chrome, it doesn't mean I want it to be able to scan every single file I have on my computer, yet there is no way to prevent it, and I feel it's a big security and privacy issue that no one speaks about!

qwertox - 2 months ago

My biggest problem with Linux is that there are no per-process firewall settings. I think one can get around this by using AppArmor or by using a user per app and assigning rules to that user.

I've used Linux for over a decade now, but there are still many things I haven't learned, so maybe I'm missing something in this regard.

The GitHub page says

- TCP network access control (binding and connecting)

and

- Support for UDP and other network protocol restrictions (when supported by Linux kernel)

so maybe this can be used to firewall processes in an easy way (assuming that it is easy to set up landrun)?

Zoup - 2 months ago

Thank you all for your support, I really didn't expect this to take off like this! Given that the project is roughly two days old (:D), it's still fair to expect some issues all around; please report them on GH if you find one.

teleforce - 2 months ago

There's a very nice presentation on Landlock from last year's Open Source Summit Europe [1].

[1] Linux Sandboxing with Landlock - Mickaël Salaün, Microsoft [video]:

https://youtu.be/d85TDpv8L9U

simjnd - 2 months ago

Super cool project. Justine Tunney released the `pledge` CLI [1] a couple of years ago that does the same thing, wrapping Landlock.

[1]: https://justine.lol/pledge/

dpc_01234 - 2 months ago

Seems like Nix could take good advantage of Landlock, as it already (kind of) knows all the paths processes need access to.

thiht - 2 months ago

How does the Landlock API compare to mount/network namespaces, as used in Docker containers? As I understand it, namespaces are for isolation, and Landlock would be more like access permissions, is that correct?

Could it be possible for the system to use the Landlock API to catch unauthorized net/fs access by an app and display a popup to ask for authorization, like macOS does?

zahlman - 2 months ago

I get that the "o" in "--ro" is supposed to stand for "only", but this feels clunky to me (especially if there's also a "--rox", which is self-contradictory). I like my long options to be, well, long (complete English words), and backed up by short options. In this case, I'd propose having "-r, --read, -w, --write, -x, --exec", and allowing the short options to be combined as flags (i.e. -rwx).

khrbtxyz - 2 months ago

I don't quite understand what --exec does. If I leave out --exec from example 3, is it supposed to prevent bash from executing other programs?

  $ landrun --log-level debug --ro /usr/bin,/lib,/lib64 /usr/bin/bash --norc
  [landrun] 2025/03/22 17:16:29 Sandbox config: {ReadOnlyPaths:[/usr/bin /lib /lib64] ReadWritePaths:[] AllowExec:false BindTCPPorts:[] ConnectTCPPorts:[] BestEffort:true}
  [landrun:debug] 2025/03/22 17:16:29 Adding read-only path: /usr/bin
  [landrun:debug] 2025/03/22 17:16:29 Adding read-only path: /lib
  [landrun:debug] 2025/03/22 17:16:29 Adding read-only path: /lib64
  [landrun:debug] 2025/03/22 17:16:29 Applying Landlock restrictions
  [landrun] 2025/03/22 17:16:29 Landlock restrictions applied successfully
  [landrun] 2025/03/22 17:16:29 Executing: [/usr/bin/bash --norc]
  bash-5.2$ 
  bash-5.2$ /usr/bin/uname -r
  6.13.7-200.fc41.aarch64

machinestops - 2 months ago

Seems pretty cool, but I would probably object to `--best-effort` being enabled by default. This is a sandbox and a security boundary, and degrading security should probably be opt-in rather than opt-out.

zekrioca - 2 months ago

How does one do resource control with Landrun, e.g., CPU, memory, I/O?

dmitrygr - a month ago

> --best-effort: Use best effort mode, falling back to less restrictive sandbox if necessary [default: enabled]

Enabled by default: this strikes me as a particularly poor design choice.
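The two design questions raised in this thread, what `--exec` actually changes (khrbtxyz's example above) and what a best-effort default trades away (machinestops and dmitrygr), both come down to how a wrapper maps its flags onto Landlock's access bits and how it reacts when the running kernel's ABI is older than the features requested. The following C program is an added example, written for this discussion, not landrun's or go-landlock's code. It talks to the kernel through the raw `landlock_*` syscalls; the constants and struct layouts are copied from `<linux/landlock.h>` and redefined locally so it builds without that header. The `path_rights()` mapping of a "read-only" vs "read + exec" path onto access bits is an assumption about how a landrun-like tool would behave, not landrun's actual implementation; the pure functions (`landlock_fs_mask_for_abi`, `choose_policy`) run on any Linux box, while `apply_sandbox()` and `main()` need a Landlock-enabled kernel.

```c
/* Added example (not landrun's code): strict vs best-effort Landlock policy,
 * and why a path without LANDLOCK_ACCESS_FS_EXECUTE cannot be exec'd from.
 * Constants/structs mirror <linux/landlock.h>; redefined so this builds
 * on systems whose headers predate Landlock. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef SYS_landlock_create_ruleset
#define SYS_landlock_create_ruleset 444
#define SYS_landlock_add_rule       445
#define SYS_landlock_restrict_self  446
#endif
#define LANDLOCK_ACCESS_FS_EXECUTE      (1ULL << 0)
#define LANDLOCK_ACCESS_FS_READ_FILE    (1ULL << 2)
#define LANDLOCK_ACCESS_FS_READ_DIR     (1ULL << 3)
#define LANDLOCK_ACCESS_FS_REFER        (1ULL << 13) /* since ABI 2 */
#define LANDLOCK_ACCESS_FS_TRUNCATE     (1ULL << 14) /* since ABI 3 */
#define LANDLOCK_ACCESS_FS_IOCTL_DEV    (1ULL << 15) /* since ABI 5 */
#define LANDLOCK_ACCESS_NET_BIND_TCP    (1ULL << 0)  /* since ABI 4 */
#define LANDLOCK_ACCESS_NET_CONNECT_TCP (1ULL << 1)  /* since ABI 4 */
#define LANDLOCK_CREATE_RULESET_VERSION (1U << 0)
#define LANDLOCK_RULE_PATH_BENEATH      1

struct landlock_ruleset_attr { uint64_t handled_access_fs; uint64_t handled_access_net; };
struct landlock_path_beneath_attr { uint64_t allowed_access; int32_t parent_fd; } __attribute__((packed));

/* Every filesystem right a kernel with this ABI knows. Bits are only ever
 * added, so a newer ABI is a strict superset of an older one. */
uint64_t landlock_fs_mask_for_abi(int abi) {
    uint64_t m = (1ULL << 13) - 1;                       /* ABI 1: bits 0..12 */
    if (abi >= 2) m |= LANDLOCK_ACCESS_FS_REFER;
    if (abi >= 3) m |= LANDLOCK_ACCESS_FS_TRUNCATE;
    if (abi >= 5) m |= LANDLOCK_ACCESS_FS_IOCTL_DEV;
    return m;
}

/* TCP bind/connect restrictions only exist from ABI 4 on. */
uint64_t landlock_net_mask_for_abi(int abi) {
    return abi >= 4 ? (LANDLOCK_ACCESS_NET_BIND_TCP | LANDLOCK_ACCESS_NET_CONNECT_TCP) : 0;
}

/* Ask the kernel which ABI it implements; -1 if Landlock is absent or disabled. */
int probe_landlock_abi(void) {
    long v = syscall(SYS_landlock_create_ruleset, NULL, 0, LANDLOCK_CREATE_RULESET_VERSION);
    return v < 0 ? -1 : (int)v;
}

/* Assumed mapping of a landrun-like "--ro" path, with or without "--exec":
 * without the EXECUTE bit, execve() of anything under that path is denied. */
uint64_t path_rights(int exec) {
    uint64_t r = LANDLOCK_ACCESS_FS_READ_FILE | LANDLOCK_ACCESS_FS_READ_DIR;
    if (exec) r |= LANDLOCK_ACCESS_FS_EXECUTE;
    return r;
}

/* Decide what to hand the kernel. Strict mode refuses when the kernel cannot
 * enforce everything requested; best-effort silently drops the rights this
 * kernel does not know about (e.g. all TCP restrictions on an ABI-3 kernel).
 * Returns 0 and fills out_fs/out_net, or -1 if the policy cannot be enforced. */
int choose_policy(int abi, uint64_t want_fs, uint64_t want_net, int best_effort,
                  uint64_t *out_fs, uint64_t *out_net) {
    if (abi < 1) return -1;        /* no Landlock at all: nothing to degrade to */
    uint64_t fs = want_fs & landlock_fs_mask_for_abi(abi);
    uint64_t net = want_net & landlock_net_mask_for_abi(abi);
    if (!best_effort && (fs != want_fs || net != want_net)) return -1;
    *out_fs = fs;
    *out_net = net;
    return 0;
}

/* Build a ruleset handling `handled_fs`/`handled_net`, allow only `rights`
 * beneath `dir`, and restrict the calling process. Returns 0 or -errno. */
int apply_sandbox(uint64_t handled_fs, uint64_t handled_net, const char *dir, uint64_t rights) {
    struct landlock_ruleset_attr ra = { .handled_access_fs = handled_fs,
                                        .handled_access_net = handled_net };
    /* Pre-ABI-4 kernels accept the larger struct only if the extra field is zero. */
    int rs = (int)syscall(SYS_landlock_create_ruleset, &ra, sizeof ra, 0);
    if (rs < 0) return -errno;
    struct landlock_path_beneath_attr pb = { .allowed_access = rights & handled_fs,
                                             .parent_fd = open(dir, O_PATH | O_CLOEXEC) };
    if (pb.parent_fd < 0) { int e = errno; close(rs); return -e; }
    int rc = 0;
    if (syscall(SYS_landlock_add_rule, rs, LANDLOCK_RULE_PATH_BENEATH, &pb, 0) < 0) rc = -errno;
    close(pb.parent_fd);
    /* Mandatory before restrict_self: a setuid binary must not be able to shed the sandbox. */
    if (rc == 0 && prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) rc = -errno;
    if (rc == 0 && syscall(SYS_landlock_restrict_self, rs, 0) < 0) rc = -errno;
    close(rs);
    return rc;
}

int main(int argc, char **argv) {
    int abi = probe_landlock_abi();
    uint64_t fs, net;
    /* Request the full v5 feature set (fs up to ABI 5 plus TCP) in strict mode. */
    if (choose_policy(abi, landlock_fs_mask_for_abi(5), landlock_net_mask_for_abi(4), 0, &fs, &net) < 0) {
        fprintf(stderr, "kernel Landlock ABI %d cannot enforce the requested policy; refusing to run\n", abi);
        return 1;
    }
    /* Read + exec beneath /usr only; no TCP rules, so bind/connect are denied. */
    int rc = apply_sandbox(fs, net, "/usr", path_rights(1));
    if (rc) { fprintf(stderr, "sandbox failed: %s\n", strerror(-rc)); return 1; }
    char *dflt[] = { "/usr/bin/id", NULL };
    execv(argc > 1 ? argv[1] : dflt[0], argc > 1 ? argv + 1 : dflt);
    perror("execv");
    return 1;
}
```

Run as `./sandbox /usr/bin/id` on a kernel that reports ABI 5 or newer and the command executes; pass `0` instead of `1` to `path_rights()` and the same `execv` fails with EACCES, which is the difference `--exec` makes. Flip the fourth argument of `choose_policy()` to `1` on an ABI-3 kernel and the program starts anyway with `net == 0`, i.e. with no TCP restriction at all and nothing on the command line saying so; that silent downgrade is what the commenters above want to be opt-in.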

jbverschoor - 2 months ago

Imo, (almost) every directory should be treated as a new sandbox

johnisgood - 2 months ago

I will just leave this here: https://man.archlinux.org/man/firejail.1

And as someone else also said, Firejail supports Landlock, too: https://github.com/netblue30/firejail/pull/6078.

nickandbro - 2 months ago

This is great. I run a hobby project, vimgolf.ai, to get my friends to learn vim, and had to do a lot with firejail to sandbox the neovim instances correctly. This looks to be a lot easier to set up.

btdmaster - 2 months ago

Very cool project! I was curious if this was possible with util-linux (provider of the unshare command that provides namespace management, the underlying feature behind containers), and it is indeed possible:

  setpriv --landlock-access 'fs:remove-file,remove-dir,write-file,make-reg' touch /tmp/foo # Permission denied

  setpriv --landlock-access 'fs:remove-file,remove-dir,write-file,make-reg' --landlock-rule "path-beneath:make-reg:/tmp" touch /tmp/foo # Allowed

Very verbose, unlike unshare, and it really deals with internal details, so I'd find it hard to use setpriv in practice.

exabrial - a month ago

Apparmor, systemd, containers, lxc… landlock.

Hard to choose! One thing I don’t run anymore is docker.

ximm - 2 months ago

This looks nice, but I fail to see any use cases that cannot be handled with bwrap and mount namespaces.

borplk - 2 months ago

Weird question, but would this work inside docker as "extra protection"?

Zoup - 2 months ago

v0.1.11 is out, with env support and a bunch of other fixes. Update!

sandreas - a month ago

Is this comparable to systemd-nspawn / systemd-run?

aw4y - 2 months ago

Nice! It would be cool (since it's in Go) to be able to use it as a library, sandboxing some exec directly from your code.

riobard - 2 months ago

Is it just me, or does Linux seem to have too many non-orthogonal ways to restrict processes? Like, why does Landlock do TCP filtering based on port only? What about non-TCP traffic, and maybe IP-based restrictions would be more useful? How does it interact with Netfilter? Puzzling.

teabee89 - 2 months ago

Nice work! Too bad it's GPL v2 :(