Mickaël SalaünDec 5
Just released Island 🏝️, a sandboxing tool powered by #Landlock.
It auto‑confines processes according to the caller's context (e.g. CWD) and comes with slick Zsh integration, so you can use your terminal naturally without command prefixes. Feedback welcome!
https://github.com/landlock-lsm/island
Show threadRaphaël RigoDec 6
@l0kod are you planning to add network support?
Show threadMickaël SalaünDec 6
@trou Only TCP is supported for now, but UDP support is WIP: https://github.com/landlock-lsm/linux/issues/10
and the socket creation restriction is almost ready: https://github.com/landlock-lsm/linux/issues/6
More reviewers would help 😉
Show threadRaphaël RigoDec 6
@l0kod I meant in the island config file :) I did not find obvious ref for it but did not look in the source code
Show threadMickaël SalaünDec 6
@trou You can restrict TCP connect and bind, see [[net_port]]: https://github.com/landlock-lsm/landlockconfig/blob/main/examples/mini-write-tmp.toml
Show threadMickaël Salaün
@trou there is definitely room for doc improvement, but I wanted to release it sooner than later. Contributions are welcome too!
Dec 6 at 2:55pmMastodon for Android