Landrun: A Lightweight, Kernel-Level Secure Sandbox for Linux
Landrun is a lightweight Linux sandbox built on the Landlock LSM: restrictions are enforced by the kernel, with minimal overhead. It offers fine-grained access control for directories, with separate read and write paths and optional execution permission, and it also controls TCP network access (binding and connecting). It requires Linux kernel 5.13+ with Landlock LSM enabled (kernel 6.8+ for network restrictions). Sandbox permissions are configured through a command-line interface: read-only paths, read-write paths, executable paths, and the specific TCP ports a process may bind or connect to. A best-effort mode degrades gracefully on older kernels, applying whatever subset of the restrictions the running kernel supports. This makes Landrun well suited to running untrusted or potentially malicious code.
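The sequence a Landlock-based sandbox like Landrun performs is short: probe the kernel's Landlock ABI version, create a ruleset that "handles" a set of filesystem and network rights, add path and port rules that grant rights back to chosen directories and ports, set no_new_privs, and restrict the calling process. The added example below (not Landrun's own code, which is written in Go) shows that flow in C against the raw syscalls, including the best-effort behaviour the paragraph describes: it only handles rights the running kernel's ABI knows, shrinks the ruleset attribute on kernels that predate the network fields, and runs unconfined when Landlock is absent or disabled. The `LL_*` constants and `ll_*` structs are copied from the Landlock UAPI so the file builds without a recent `linux/landlock.h`; the directories and port in `main` are constructed sample inputs.

```c
/* Added example (not Landrun's code): confine the calling process with Landlock. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Landlock syscall numbers are identical on every architecture. */
#ifndef __NR_landlock_create_ruleset
#define __NR_landlock_create_ruleset 444
#endif
#ifndef __NR_landlock_add_rule
#define __NR_landlock_add_rule 445
#endif
#ifndef __NR_landlock_restrict_self
#define __NR_landlock_restrict_self 446
#endif

#define LL_CREATE_RULESET_VERSION (1U << 0)
#define LL_RULE_PATH_BENEATH 1U
#define LL_RULE_NET_PORT 2U
/* Filesystem rights: bits 0-12 exist since ABI 1, REFER since ABI 2, TRUNCATE since ABI 3. */
#define LL_FS_READ_FILE  (1ULL << 2)
#define LL_FS_READ_DIR   (1ULL << 3)
#define LL_FS_ABI1_ALL   ((1ULL << 13) - 1)
#define LL_FS_REFER      (1ULL << 13)
#define LL_FS_TRUNCATE   (1ULL << 14)
/* TCP rights exist since ABI 4. */
#define LL_NET_BIND_TCP    (1ULL << 0)
#define LL_NET_CONNECT_TCP (1ULL << 1)

struct ll_ruleset_attr { uint64_t handled_access_fs; uint64_t handled_access_net; };
struct ll_path_beneath_attr { uint64_t allowed_access; int32_t parent_fd; } __attribute__((packed));
struct ll_net_port_attr { uint64_t allowed_access; uint64_t port; };

/* Kernel's Landlock ABI version, or -errno (-ENOSYS: no syscall, -EOPNOTSUPP: LSM disabled). */
int landlock_abi_version(void) {
    long v = syscall(__NR_landlock_create_ruleset, NULL, 0, LL_CREATE_RULESET_VERSION);
    return v < 0 ? -errno : (int)v;
}

/* Best-effort: handling a right the kernel does not know fails with EINVAL,
 * so the handled masks are derived from the probed ABI version. */
uint64_t fs_rights_for_abi(int abi) {
    uint64_t r = LL_FS_ABI1_ALL;
    if (abi >= 2) r |= LL_FS_REFER;
    if (abi >= 3) r |= LL_FS_TRUNCATE;
    return r;
}
uint64_t net_rights_for_abi(int abi) {
    return abi >= 4 ? (LL_NET_BIND_TCP | LL_NET_CONNECT_TCP) : 0;
}

/* Grant `rights` beneath `path`; returns 0 or -errno. */
static int add_path_rule(int ruleset_fd, const char *path, uint64_t rights) {
    struct ll_path_beneath_attr a = { .allowed_access = rights, .parent_fd = -1 };
    a.parent_fd = open(path, O_PATH | O_CLOEXEC);
    if (a.parent_fd < 0) return -errno;
    int err = syscall(__NR_landlock_add_rule, ruleset_fd, LL_RULE_PATH_BENEATH, &a, 0) < 0 ? -errno : 0;
    close(a.parent_fd);
    return err;
}

/* Read-only access under ro_dir, full access under rw_dir, TCP connect only to
 * connect_port (no bind at all); everything else is denied. Returns the ABI used,
 * 0 when Landlock is unavailable (best-effort: process runs unconfined), or -errno. */
int sandbox_self(const char *ro_dir, const char *rw_dir, unsigned connect_port) {
    int abi = landlock_abi_version();
    if (abi < 0) return 0;
    struct ll_ruleset_attr attr = { .handled_access_fs = fs_rights_for_abi(abi),
                                    .handled_access_net = net_rights_for_abi(abi) };
    /* Kernels before ABI 4 reject an attr larger than theirs (E2BIG): pass only the fs field. */
    size_t attr_size = abi >= 4 ? sizeof attr : sizeof attr.handled_access_fs;
    int fd = (int)syscall(__NR_landlock_create_ruleset, &attr, attr_size, 0);
    if (fd < 0) return -errno;
    int err = add_path_rule(fd, ro_dir, LL_FS_READ_FILE | LL_FS_READ_DIR);
    if (!err) err = add_path_rule(fd, rw_dir, fs_rights_for_abi(abi));
    if (!err && abi >= 4) {
        struct ll_net_port_attr n = { .allowed_access = LL_NET_CONNECT_TCP, .port = connect_port };
        if (syscall(__NR_landlock_add_rule, fd, LL_RULE_NET_PORT, &n, 0) < 0) err = -errno;
    }
    /* Landlock requires no_new_privs, so a setuid binary cannot shed the ruleset. */
    if (!err && prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) err = -errno;
    if (!err && syscall(__NR_landlock_restrict_self, fd, 0) < 0) err = -errno;
    close(fd);
    return err ? err : abi;
}

int main(void) {
    int rc = sandbox_self("/usr", "/tmp", 443);  /* constructed sample policy */
    if (rc <= 0) { printf("not confined (rc=%d)\n", rc); return 0; }
    printf("confined with Landlock ABI %d\n", rc);
    /* /etc lies outside both allowed trees, so this open must fail with EACCES. */
    int fd = open("/etc/hostname", O_RDONLY);
    printf("open(/etc/hostname): %s\n", fd < 0 ? strerror(errno) : "allowed?!");
    return 0;
}
```

Two details matter for the best-effort path: the ruleset attribute is passed with its pre-ABI-4 size on older kernels (a larger struct is rejected with E2BIG rather than ignored), and the rule for the read-write directory grants exactly the handled mask, since a rule may only allow rights the ruleset handles. Restrictions are inherited by every child process, so the same call placed before `execve` is what confines an untrusted program.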