Sandbox for i2pd
 
 
Go to file
dietshasta 33d25598cd update 2025-06-30 18:07:45 +00:00
daemon update 2025-02-13 21:12:28 +00:00
Dockerfile update 2025-04-16 19:02:48 +01:00
Makefile.linux 2.56.0 2025-02-12 19:38:46 +00:00
README.md update 2025-06-30 18:07:45 +00:00
docker-compose.yml update 2025-04-16 19:02:48 +01:00

README.md

Sandbox

Some basic sandboxing for i2pd using seccomp and Landlock.

If you tested this please let me know how it worked.

Dependencies

You need a kernel with Landlock support enabled.

grep landlock /sys/kernel/security/lsm 

If Landlock is not enabled check the kernel.

grep CONFIG_SECURITY_LANDLOCK /boot/config-`uname -r`

Or alternatively.

sudo modprobe configs
zgrep CONFIG_SECURITY_LANDLOCK /proc/config.gz

If Landlock is built in but not enabled you can add "lsm=landlock" to the kernel boot parameters.

Fetching

Run the following commands.

export http_proxy=http://127.0.0.1:4444
git clone http://git.community.i2p/dietshasta/Sandbox.git
git clone --depth=1 --branch 2.56.0 --single-branch http://git.community.i2p/PurpleI2P/i2pd.git
cp -rf Sandbox/* i2pd/ && cd i2pd

Building for Debian

For seccomp headers need to be installed.

sudo apt install libseccomp-dev

Then build.

make SANDBOX=yes

Building for Docker

Build and run.

sudo EXTERNAL_PORT= docker-compose up --build

Tested

i2pd-2.57.0
Docker Image (x86-64)
Debian 12.11 (x86-64)

i2pd-2.56.0
Debian 12.9 (x86-64)
Debian 12.9 (aarch64)
Docker Image (x86-64)

i2pd-2.55.0
Debian 12.8 (x86-64)

i2pd-2.54.0
Debian 12.7 (x86-64)

i2pd-2.53.0
Docker Image (aarch64)

i2pd-2.52.0
Docker Image (aarch64)
Debian 12.4 (x86-64)
Debian 12.4 (aarch64)

i2pd-2.51.0
Debian 12.4 (x86-64)
Debian 12.4 (aarch64)

i2pd-2.50.2
Debian 12.4 (x86-64)
Debian 12.4 (aarch64)
Raspberry Pi OS 2024-03-12 (aarch64). Fail: no Landlock support.