Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/landlock-lsm/rust-landlock

A Rust library for the Linux Landlock sandboxing feature
https://github.com/landlock-lsm/rust-landlock

landlock linux sandboxing security

Last synced: 5 days ago
JSON representation

A Rust library for the Linux Landlock sandboxing feature

Host: GitHub
URL: https://github.com/landlock-lsm/rust-landlock
Owner: landlock-lsm
License: other
Created: 2021-04-13T18:34:45.000Z (over 3 years ago)
Default Branch: main
Last Pushed: 2024-09-13T17:59:57.000Z (2 months ago)
Last Synced: 2024-09-14T08:53:37.473Z (2 months ago)
Topics: landlock, linux, sandboxing, security
Language: Rust
Homepage: https://crates.io/crates/landlock
Size: 1.36 MB
Stars: 87
Watchers: 5
Forks: 9
Open Issues: 11
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE-APACHE

Awesome Lists containing this project

README

        # Rust Landlock library

Landlock is a security feature available since Linux 5.13.

The goal is to enable to restrict ambient rights (e.g., global filesystem access) for a set of processes by creating safe security sandboxes as new security layers in addition to the existing system-wide access-controls.

This kind of sandbox is expected to help mitigate the security impact of bugs, unexpected or malicious behaviors in applications.

Landlock empowers any process, including unprivileged ones, to securely restrict themselves.

More information about Landlock can be found in the [official website](https://landlock.io).

This Rust crate provides a safe abstraction for the Landlock system calls along with some helpers.

## Use cases

This crate is especially useful to protect users' data by sandboxing:

* trusted applications dealing with potentially malicious data

  (e.g., complex file format, network request) that could exploit security vulnerabilities;

* sandbox managers, container runtimes or shells launching untrusted applications.

## Examples

A simple example can be found with the

[`path_beneath_rules()`](https://landlock.io/rust-landlock/landlock/fn.path_beneath_rules.html) helper.

More complex examples can be found with the

[`Ruleset` documentation](https://landlock.io/rust-landlock/landlock/struct.Ruleset.html)

and the [sandboxer example](examples/sandboxer.rs).

## [Crate documentation](https://landlock.io/rust-landlock/landlock/)

## Changelog

* [v0.4.1](CHANGELOG.md#v041)

* [v0.4.0](CHANGELOG.md#v040)

* [v0.3.1](CHANGELOG.md#v031)

* [v0.3.0](CHANGELOG.md#v030)

* [v0.2.0](CHANGELOG.md#v020)