dietshasta
/
Sandbox
1
2
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Sandbox for i2pd
7 Commits
1 Branch
0 Tags
98 KiB
C++ 84.9%
Dockerfile 15.1%
 
 
Go to file
dietshasta 19d6d266bc more landlock rules 2024-03-15 19:37:40 +00:00
daemon more landlock rules 2024-03-15 19:37:40 +00:00
Makefile.linux first commit 2024-03-10 11:35:30 +00:00
README.md fix 2024-03-15 16:36:36 +00:00

README.md

Sandbox

Some basic sandboxing for i2pd using seccomp and Landlock.

If you tested this please let me know how it worked.

Dependencies

For seccomp header files need to be installed.

sudo apt install libseccomp-dev

You also need a kernel with Landlock support enabled.

grep landlock /sys/kernel/security/lsm

If Landlock is not enabled check the kernel.

grep CONFIG_SECURITY_LANDLOCK /boot/config-`uname -r`

Or alternatively.

sudo modprobe configs
zgrep CONFIG_SECURITY_LANDLOCK /proc/config.gz

If Landlock is built in but not enabled you can add "lsm=landlock" to the kernel boot parameters.

Building

make SANDBOX=yes

Tested