A useful tool I created a few years ago but never really promoted much: usand

https://github.com/richfelker/usand

It creates a no-network (cutting off the main exfil vectors), read-only except for the current dir and its descendants, sandboxed environment to run low-trust code, even full build processes, within.

The only dependency is the unshare(1) utility and a Linux kernel with unprivileged namespace functionality.

GitHub - richfelker/usand: usand - convenient and minimal unshare(1)-based sandbox

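An added example, not code from usand or from its author, showing the no-network half of what the post describes using unshare(1) alone, plus the checks a practitioner would run from inside to confirm the network really is gone. It assumes util-linux unshare and a kernel that permits unprivileged user namespaces; the function names and the two sysctl paths printed for diagnosis are my own choices. The read-only-outside-cwd part that usand adds on top needs mount-namespace setup and is not reproduced here.

```shell
# Added illustration, not usand's code: a no-network sandbox built directly on
# unshare(1) from util-linux. Assumes a kernel that allows unprivileged user
# namespaces. Function names and diagnostic paths are this example's own.

# Exit 0 if an unprivileged user on this host can create user+net namespaces.
userns_available() {
    unshare -U -r -n true 2>/dev/null
}

# Print the sysctls that most often disable unprivileged namespaces (diagnosis only).
userns_diagnose() {
    for f in /proc/sys/user/max_user_namespaces /proc/sys/kernel/unprivileged_userns_clone; do
        [ -r "$f" ] && printf '%s=%s\n' "$f" "$(cat "$f")"
    done
    return 0
}

# Run "$@" with no network: -U creates a user namespace (which is what lets an
# unprivileged user create the others), -r maps us to root inside it, -n gives a
# fresh network namespace whose only interface is an unconfigured loopback.
run_nonet() {
    unshare -U -r -n -- "$@"
}

# Interface names as seen inside the sandbox. /proc/net is per-process
# (/proc/self/net), so this reflects the new namespace; a fresh one shows only "lo".
sandbox_ifaces() {
    run_nonet sh -c 'tail -n +3 /proc/net/dev | cut -d: -f1 | tr -d " "'
}

# Number of routing-table entries inside the sandbox (header excluded); expect 0,
# i.e. nothing inside can reach a gateway even if an interface were configured.
sandbox_route_count() {
    run_nonet sh -c 'tail -n +2 /proc/net/route | wc -l | tr -d " "'
}

# Direct use, e.g.:  sh nonet.sh make        (build with the network cut off)
if [ "$#" -gt 0 ]; then
    if userns_available; then
        run_nonet "$@"
    else
        echo "unprivileged user namespaces unavailable on this host" >&2
        userns_diagnose >&2
        exit 2
    fi
fi
```

If `userns_available` fails, the printed sysctls are the usual culprits: a zero `max_user_namespaces` or a distribution-specific `unprivileged_userns_clone=0`; usand has the same prerequisite, since it relies on the same unprivileged namespaces.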
@dalias thanks, I might be using this