Landrun: Sandbox any Linux process using Landlock, no root or containers

github.com

518 points by Zoup a month ago


Zoup - a month ago

Linux Landlock is a kernel-native security module that lets unprivileged processes sandbox themselves - but nobody uses it because the API is ... hard!

I built `landrun`, a small CLI tool in Go, to make it practical to sandbox any command with fine-grained filesystem and network access controls. No root. No containers. No SELinux/AppArmor configs.

It's lightweight, auditable, and wraps Landlock v5 features (file access + TCP restrictions).

Demo + usage examples in the README.

Would love feedback from the HN crowd!

aucisson_masque - a month ago

Would that make it feasible (in the long term) to have a macOS-style permission manager like « do you want Terminal to access the Documents folder? » on Linux?

As a very average user, that's the kind of thing I miss on Windows and Linux.

Because I installed Google Chrome, it doesn't mean I want it to be able to scan every single file I have on my computer, yet there is no way to prevent it, and I feel it's a big security and privacy issue that no one speaks about!

qwertox - a month ago

My biggest problem with Linux is that there are no per-process firewall settings. I think one can get around this by using AppArmor or by using a user per app and assigning rules to that user.

I've used Linux for over a decade now, but there are still many things I haven't learned, so maybe I'm missing something in this regard.

The GitHub page says

- TCP network access control (binding and connecting)

and

- Support for UDP and other network protocol restrictions (when supported by Linux kernel)

so maybe this can be used to firewall processes in an easy way (assuming that it is easy to set up landrun)?

Zoup - a month ago

Thank you all for your support, I really didn't expect this to take off like this! Given that the project is roughly two days old (:D), it's still fair to expect some issues all around; please report them on GH if you find one.

teleforce - a month ago

There's a very nice presentation on Landlock from last year's Open Source Summit Europe [1].

[1] Linux Sandboxing with Landlock - Mickaël Salaün, Microsoft [video]:

https://youtu.be/d85TDpv8L9U

simjnd - a month ago

Super cool project. Justine Tunney released the `pledge` CLI [1] a couple of years ago that does the same thing, wrapping Landlock.

[1]: https://justine.lol/pledge/

dpc_01234 - a month ago

Seems like Nix could take good advantage of Landlock, as it already (kind of) knows all the paths processes need access to.

thiht - a month ago

How does the Landlock API compare to mount/network namespaces, as used in Docker containers? As I understand it, namespaces are for isolation, and Landlock would be more like access permissions, is that correct?

Could it be possible for the system to use the Landlock API to catch unauthorized net/fs access by an app and display a popup to ask for authorization, like macOS does?

zahlman - a month ago

I get that the "o" in "--ro" is supposed to stand for "only", but this feels clunky to me (especially if there's also a "--rox", which is self-contradictory). I like my long options to be, well, long (complete English words), and backed up by short options. In this case, I'd propose having "-r, --read, -w, --write, -x, --exec", and allowing the short options to be combined as flags (i.e. -rwx).

khrbtxyz - a month ago

I don't quite understand what --exec does. If I leave out --exec from example 3, is it supposed to prevent bash from executing other programs?

  $ landrun --log-level debug --ro /usr/bin,/lib,/lib64 /usr/bin/bash --norc
  [landrun] 2025/03/22 17:16:29 Sandbox config: {ReadOnlyPaths:[/usr/bin /lib /lib64] ReadWritePaths:[] AllowExec:false BindTCPPorts:[] ConnectTCPPorts:[] BestEffort:true}
  [landrun:debug] 2025/03/22 17:16:29 Adding read-only path: /usr/bin
  [landrun:debug] 2025/03/22 17:16:29 Adding read-only path: /lib
  [landrun:debug] 2025/03/22 17:16:29 Adding read-only path: /lib64
  [landrun:debug] 2025/03/22 17:16:29 Applying Landlock restrictions
  [landrun] 2025/03/22 17:16:29 Landlock restrictions applied successfully
  [landrun] 2025/03/22 17:16:29 Executing: [/usr/bin/bash --norc]
  bash-5.2$ 
  bash-5.2$ /usr/bin/uname -r
  6.13.7-200.fc41.aarch64

machinestops - a month ago

Seems pretty cool, but I would probably object to `--best-effort` being enabled by default. This is a sandbox and a security boundary, and degrading security should probably be opt-in rather than opt-out.

zekrioca - a month ago

How does one do resource control with Landrun, e.g., CPU, memory, I/O..?

dmitrygr - a month ago

> --best-effort: Use best effort mode, falling back to less restrictive sandbox if necessary [default: enabled]

Enabled by default: this strikes me as a particularly poor design choice

jbverschoor - a month ago

Imo, (almost) every directory should be treated as a new sandbox

johnisgood - a month ago

I will just leave this here: https://man.archlinux.org/man/firejail.1

And as someone also said, Firejail supports Landlock, too: https://github.com/netblue30/firejail/pull/6078.

nickandbro - a month ago

This is great. I run a hobby project, vimgolf.ai, to get my friends to learn vim, and had to do a lot with firejail to sandbox the neovim instances correctly. This looks to be a lot easier to set up.

btdmaster - a month ago

Very cool project! I was curious if this was possible with util-linux (provider of the unshare command that provides namespace management, the underlying feature behind containers), and it is indeed possible:

  setpriv --landlock-access 'fs:remove-file,remove-dir,write-file,make-reg' touch /tmp/foo # Permission denied

  setpriv --landlock-access 'fs:remove-file,remove-dir,write-file,make-reg' --landlock-rule "path-beneath:make-reg:/tmp" touch /tmp/foo # Allowed

Very verbose, unlike unshare, and it really deals with internal details, so I'd find it hard to use setpriv in practice.

exabrial - a month ago

AppArmor, systemd, containers, lxc… landlock.

Hard to choose! One thing I don’t run anymore is docker.

ximm - a month ago

This looks nice, but I fail to see any use cases that cannot be handled with bwrap and mount namespaces.

borplk - a month ago

Weird question, but would this work inside docker as "extra protection"?

Zoup - a month ago

v0.1.11 is out, with env support and a bunch of other fixes. Update!

sandreas - a month ago

Is this comparable to systemd-nspawn / systemd-run?

aw4y - a month ago

Nice! It would be cool (since it's in Go) to be able to use it as a library, sandboxing some exec directly from your code.

riobard - a month ago

Is it just me, or does Linux seem to have too many non-orthogonal ways to restrict processes? Like, why does Landlock do TCP filtering based on port only? What about non-TCP traffic, and maybe IP-based restrictions are more useful? How does it interact with Netfilter? Puzzling.

teabee89 - a month ago

Nice work! Too bad it's GPL v2 :(