Sandbox
=
Some basic sandboxing for i2pd using [seccomp](http://wikiless.i2p/wiki/Seccomp) and [Landlock](https://docs.kernel.org/security/landlock.html).

If you tested this please let me know how it worked.

Dependencies
-
For seccomp header files need to be installed.

```
sudo apt install libseccomp-dev
```

You also need a kernel with Landlock support enabled.

```
grep landlock /sys/kernel/security/lsm 
```

If Landlock is not enabled check the kernel.
```
grep CONFIG_SECURITY_LANDLOCK /boot/config-`uname -r`
```
Or alternatively.
```
sudo modprobe configs
zgrep CONFIG_SECURITY_LANDLOCK /proc/config.gz
```

If Landlock is built in but not enabled you can add "lsm=landlock" to the kernel boot parameters.

Building
-
Copy the modified files to a complete set of i2pd sources. Then build.
```
make SANDBOX=yes
```

Tested
-
**i2pd-2.55.0**  
✅ Debian 12.8 (x86-64)  

**i2pd-2.54.0**  
✅ Debian 12.7 (x86-64)  

**i2pd-2.53.0**  
✅ Docker Image (aarch64)  

**i2pd-2.52.0**  
✅ Docker Image (aarch64)  
✅ Debian 12.4 (x86-64)  
✅ Debian 12.4 (aarch64)  

**i2pd-2.51.0**  
✅ Debian 12.4 (x86-64)  
✅ Debian 12.4 (aarch64)  

**i2pd-2.50.2**  
✅ Debian 12.4 (x86-64)  
✅ Debian 12.4 (aarch64)  
❌ Raspberry Pi OS 2024-03-12 (aarch64). Fail: no Landlock support.