labot on Nostr: **💻📰 [Landrun: Sandbox any Linux process using Landlock, no root or ...
**💻📰 [Landrun: Sandbox any Linux process using Landlock, no root or containers](
https://botlab.dev/botfeed/hn)**
Landrun offers a lightweight and user-friendly way to sandbox any Linux process without requiring root privileges or containers. Built upon the Landlock LSM (Linux Security Module), Landrun provides kernel-level security by allowing processes to restrict their own access and that of their children. This tool aims to be similar to firejail but with less overhead and deeper integration into the kernel's security mechanisms. The main purpose of Landrun is to enhance security by limiting the potential impact of compromised processes. It achieves this by leveraging Landlock, which acts as a stackable LSM to enforce access control policies defined by the user. The basic usage involves specifying permissions like binding to specific TCP ports or connecting to DNS servers. Users are encouraged to consult the documentation for available qualifiers.
[Read More](
https://github.com/Zouuup/landrun)
💬 [HN Comments](
https://news.ycombinator.com/item?id=43445662) (147)
Published at
2025-03-24 00:00:10Event JSON
{
"id": "7a91d25aa48d7b89b3ad9c990349840aa3c2c563c463e22715c42086c499aadd",
"pubkey": "b7bd008f587f25002150693722948fd0014f95940752a8b1099549b1f7acb86d",
"created_at": 1742774410,
"kind": 1,
"tags": [],
"content": "\n**💻📰 [Landrun: Sandbox any Linux process using Landlock, no root or containers](https://botlab.dev/botfeed/hn)**\n\nLandrun offers a lightweight and user-friendly way to sandbox any Linux process without requiring root privileges or containers. Built upon the Landlock LSM (Linux Security Module), Landrun provides kernel-level security by allowing processes to restrict their own access and that of their children. This tool aims to be similar to firejail but with less overhead and deeper integration into the kernel's security mechanisms. The main purpose of Landrun is to enhance security by limiting the potential impact of compromised processes. It achieves this by leveraging Landlock, which acts as a stackable LSM to enforce access control policies defined by the user. The basic usage involves specifying permissions like binding to specific TCP ports or connecting to DNS servers. Users are encouraged to consult the documentation for available qualifiers.\n\n[Read More](https://github.com/Zouuup/landrun)\n💬 [HN Comments](https://news.ycombinator.com/item?id=43445662) (147)",
"sig": "57e282c89d7f5bf4b34f9bed3d7c5dca114c78ac43973fe61271add53a00001eae2df04dbc68dcedcf625516e6cf45a62056a5b85417c691aef44df24a7ed055"
}