From: "Mickaël Salaün" <mic@digikod.net>
To: Jarkko Sakkinen <jarkko@kernel.org>
Cc: Justin Suess <utilityemal77@gmail.com>, landlock@lists.linux.dev
Subject: Re: Landstrip
Date: Tue, 9 Jun 2026 20:25:08 +0200 [thread overview]
Message-ID: <20260609.ooNe7wi9Vai3@digikod.net> (raw)
In-Reply-To: <aiZgKQWLjWwvyMEe@kernel.org>
On Mon, Jun 08, 2026 at 09:24:41AM +0300, Jarkko Sakkinen wrote:
> On Mon, Jun 08, 2026 at 05:28:39AM +0300, Jarkko Sakkinen wrote:
> > On Fri, Jun 05, 2026 at 03:19:09PM -0400, Justin Suess wrote:
> > > On Tue, Jun 02, 2026 at 04:42:51AM +0300, Jarkko Sakkinen wrote:
> > > > I played with an idea could Landlock LSM be used to do conceptually a
> > > > better fit sandbox for programs such as Anthropic Sandbox Runtime [1].
> > > >
> > > > After some missteps at first I got it pulled together quite well:
> > > >
> > > > https://crates.io/crates/landstrip
Interesting! FYI, here is a list of other sandboxers using Landlock
too: https://landlock.io/integrations/
Some new ones are missings, including Landstrip, Nono, and Sandlock.
Feel free to open a PR.
> > > >
> > > > To see it in action I also have a fork of pi-hashline-readmap plugin,
> > > > which was a cherry-picked test case I wanted to try out given it already
> > > > hooks the bash tool command for compressed output.
> > > >
> > > > I just thought that this might interest some as Landlock is not really
> > > > over-used kernel feature in "application sense".
I'm not sure what you mean by "application sense", there are a few
sandboxers and also apps with built-in sandboxing, but it would be nice
to have more. This list is not complete:
https://landlock.io/integrations/
> > > >
> > > > This is a more lower barrier and more failure tolerant to deploy than
> > > > Bubblewrap based container for this use and purpose in my opinion
> > > > at least.
Indeed!
> > > >
> > > Very cool! Landlock is great for this usecase of application driven
> > > sandboxing.
> > >
> > > (just a quick note, the linux-security-module/linux-integrity
> > > mailing lists mostly for kernel development patches, the
> > > landlock.lists.linux.dev list is more for
> > > userspace Landlock topics like this. so I removed the cc for
> > > linux-security-module/linux-integrity and added that list)
> > >
> > > I notice there is a seccomp policy for unix sockets in this application.
> > > Although it might not be in your kernel yet, support for sandboxing
> > > named unix sockets with Landlock was recently merged. :)
> > >
> > > https://lore.kernel.org/linux-security-module/20260327164838.38231-1-gnoack3000@gmail.com/
> >
> > Thanks for the pointer. My focus has been more in the wiring than inner
> > shenanigans but soon might be a good time to revisit :-)
> >
> > I have also Seatbelt FFI and Windows AppContainer profiles are whatever
> > they call them through Win32 API.
>
> I migrated to direct syscalls with Landlock in order to keep in faster
> phase.
While it's easy to ask an agent to rewrite/fork (part of) such crate,
it's not a good idea for a few reasons, especially the best-effort
approach, backward compatibility, tests... Anyway, I plan to update the
crate with the latest features this week. Still, feel free to open an
issue.
>
> I'll implement ACCESS_FS_RESOLVE_UNIX support, and run-time detection to
> know whether to fall back to a seccomp policy (which is needed still
> few years to come).
You're welcome to contribute to this crate, at least to open an issue
and explain your requirements. BTW, this crate is designed with
backward compatibility in mind so it already does run-time detection (in
a safe way), you don't need to reimplement it. ;)
>
> One LSM I'm not really familiar of and it bothers me a bit is the eBPF
> LSM. I'm not exactly sure would it do anything useful/valuable for
> me in this project.
Not sure, but it would requires privileges anyway.
>
> And I think Anthropic's app security policy is actually quite nice
> and practical. I plan to use this myself when I do find+xargs type
> of risky operations :-) It's great with scripts, which kind of
> makes sense.
Could you please explain this approach?
>
> JSON is quite horrible tho so without breaking backwards compatibility
> I'll add --format json|yml. In yml-version there won't be bucket
> lists for each rule. Instead it will have singular "allowRead" etc.
> statements. This is more to use cases where I find it useful :-)
FYI, there is a stable/future-proof/flexible format and related crate
(WIP) that supports both JSON and TOML:
https://github.com/landlock-lsm/landlockconfig
>
> BR, Jarkko
>
next prev parent reply other threads:[~2026-06-09 18:25 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-02 1:42 Landstrip Jarkko Sakkinen
2026-06-05 19:19 ` Landstrip Justin Suess
2026-06-08 2:28 ` Landstrip Jarkko Sakkinen
2026-06-08 6:24 ` Landstrip Jarkko Sakkinen
2026-06-09 18:25 ` Mickaël Salaün [this message]
2026-06-10 9:40 ` Landstrip Jarkko Sakkinen
2026-06-10 9:46 ` Landstrip Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260609.ooNe7wi9Vai3@digikod.net \
--to=mic@digikod.net \
--cc=jarkko@kernel.org \
--cc=landlock@lists.linux.dev \
--cc=utilityemal77@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.