https://github.com/landlock-lsm/rust-landlock

A Rust library for the Linux Landlock sandboxing feature
https://github.com/landlock-lsm/rust-landlock

landlock linux sandboxing security

Last synced: about 1 year ago
JSON representation

A Rust library for the Linux Landlock sandboxing feature

• Host: GitHub
• URL: https://github.com/landlock-lsm/rust-landlock
• Owner: landlock-lsm
• License: other
• Created: 2021-04-13T18:34:45.000Z (about 5 years ago)
• Default Branch: main
• Last Pushed: 2025-04-23T14:54:47.000Z (about 1 year ago)
• Last Synced: 2025-04-23T15:47:21.970Z (about 1 year ago)
• Topics: landlock, linux, sandboxing, security
• Language: Rust
• Homepage: https://crates.io/crates/landlock
• Size: 232 KB
• Stars: 122
• Watchers: 5
• Forks: 13
• Open Issues: 16
• Metadata Files:
  • Readme: README.md
  • Changelog: CHANGELOG.md
  • Contributing: CONTRIBUTING.md
  • License: LICENSE-APACHE

Awesome Lists containing this project

README

          
# Rust Landlock library

Landlock is a security feature available since Linux 5.13.

The goal is to enable to restrict ambient rights (e.g., global filesystem access) for a set of processes by creating safe security sandboxes as new security layers in addition to the existing system-wide access-controls.

This kind of sandbox is expected to help mitigate the security impact of bugs, unexpected or malicious behaviors in applications.

Landlock empowers any process, including unprivileged ones, to securely restrict themselves.

More information about Landlock can be found in the [official website](https://landlock.io).

This Rust crate provides a safe abstraction for the Landlock system calls along with some helpers.

## Use cases

This crate is especially useful to protect users' data by sandboxing:

* trusted applications dealing with potentially malicious data

  (e.g., complex file format, network request) that could exploit security vulnerabilities;

* sandbox managers, container runtimes or shells launching untrusted applications.

## Examples

A simple example can be found with the

[`path_beneath_rules()`](https://landlock.io/rust-landlock/landlock/fn.path_beneath_rules.html) helper.

More complex examples can be found with the

[`Ruleset` documentation](https://landlock.io/rust-landlock/landlock/struct.Ruleset.html)

and the [sandboxer example](examples/sandboxer.rs).

## [Crate documentation](https://landlock.io/rust-landlock/landlock/)

## Changelog

* [v0.4.2](CHANGELOG.md#v042)

* [v0.4.1](CHANGELOG.md#v041)

* [v0.4.0](CHANGELOG.md#v040)

* [v0.3.1](CHANGELOG.md#v031)

* [v0.3.0](CHANGELOG.md#v030)

* [v0.2.0](CHANGELOG.md#v020)