https://github.com/landlock-lsm/go-landlock
A Go library for the Linux Landlock sandboxing feature
https://github.com/landlock-lsm/go-landlock
landlock linux sandboxing security
Last synced: 3 months ago
JSON representation
A Go library for the Linux Landlock sandboxing feature
- Host: GitHub
- URL: https://github.com/landlock-lsm/go-landlock
- Owner: landlock-lsm
- License: mit
- Created: 2021-06-28T07:39:39.000Z (about 5 years ago)
- Default Branch: main
- Last Pushed: 2026-04-13T16:31:40.000Z (3 months ago)
- Last Synced: 2026-04-13T18:09:58.200Z (3 months ago)
- Topics: landlock, linux, sandboxing, security
- Language: Go
- Homepage:
- Size: 202 KB
- Stars: 292
- Watchers: 10
- Forks: 17
- Open Issues: 4
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
📚 [Godoc](https://pkg.go.dev/github.com/landlock-lsm/go-landlock/landlock)
| 🌍 [landlock.io](https://landlock.io/)
# Go Landlock library
The Go-Landlock library restricts the current processes' ability to
use files, using Linux 5.13's Landlock feature.
## TL;DR: Example
In a Go program, after starting up and doing program initialization work, run:
```
err := landlock.V8.BestEffort().RestrictPaths(
landlock.RODirs("/usr", "/bin"),
landlock.RWDirs("/tmp"),
)
```
After this invocation, your program can only access the specified paths.
Landlock is a Linux kernel feature and can restrict the following types of access:
* Filesystem access
* Some network operations
* Some IPC operations
More details and examples in the [Go-Landlock
documentation](https://pkg.go.dev/github.com/landlock-lsm/go-landlock/landlock).
## Goals
Goals of Go-Landlock are:
* Make unprivileged sandboxing easy to use and effective.
* Keep Go-Landlock's implementation at an easily auditable size.
## How to...
* [...onboard a program to use Go-Landlock](docs/onboarding.md)
* [...upgrade a Go-Landlock usage to use more advanced features](docs/upgrade.md)