dietshasta
/
Sandbox
1
2
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Sandbox for i2pd
16 Commits
1 Branch
0 Tags
98 KiB
C++ 84.9%
Dockerfile 15.1%
 
 
Go to file
dietshasta 07732a8f4d tested new version 2024-04-10 17:23:43 +01:00
daemon restart_syscall and mkdir 2024-03-17 06:33:15 +00:00
Makefile.linux first commit 2024-03-10 11:35:30 +00:00
README.md tested new version 2024-04-10 17:23:43 +01:00

README.md

Sandbox

Some basic sandboxing for i2pd using seccomp and Landlock.

If you tested this please let me know how it worked.

Dependencies

For seccomp header files need to be installed.

sudo apt install libseccomp-dev

You also need a kernel with Landlock support enabled.

grep landlock /sys/kernel/security/lsm

If Landlock is not enabled check the kernel.

grep CONFIG_SECURITY_LANDLOCK /boot/config-`uname -r`

Or alternatively.

sudo modprobe configs
zgrep CONFIG_SECURITY_LANDLOCK /proc/config.gz

If Landlock is built in but not enabled you can add "lsm=landlock" to the kernel boot parameters.

Building

make SANDBOX=yes

Tested

i2pd-2.50.2
Debian 12.4 (x86-64)
Debian 12.4 (aarch64)
Raspberry Pi OS 2024-03-12 (aarch64). Fail: no Landlock support.

i2pd-2.51
Debian 12.4 (x86-64)