64 lines
1.3 KiB
Markdown
64 lines
1.3 KiB
Markdown
Sandbox
|
|
=
|
|
Some basic sandboxing for i2pd using [seccomp](http://wikiless.i2p/wiki/Seccomp) and [Landlock](https://docs.kernel.org/security/landlock.html).
|
|
|
|
If you tested this please let me know how it worked.
|
|
|
|
Dependencies
|
|
-
|
|
For seccomp header files need to be installed.
|
|
|
|
```
|
|
sudo apt install libseccomp-dev
|
|
```
|
|
|
|
You also need a kernel with Landlock support enabled.
|
|
|
|
```
|
|
grep landlock /sys/kernel/security/lsm
|
|
```
|
|
|
|
If Landlock is not enabled check the kernel.
|
|
```
|
|
grep CONFIG_SECURITY_LANDLOCK /boot/config-`uname -r`
|
|
```
|
|
Or alternatively.
|
|
```
|
|
sudo modprobe configs
|
|
zgrep CONFIG_SECURITY_LANDLOCK /proc/config.gz
|
|
```
|
|
|
|
If Landlock is built in but not enabled you can add "lsm=landlock" to the kernel boot parameters.
|
|
|
|
Building
|
|
-
|
|
Copy the modified files to a complete set of i2pd sources. Then build.
|
|
```
|
|
make SANDBOX=yes
|
|
```
|
|
|
|
Tested
|
|
-
|
|
**i2pd-2.55.0**
|
|
✅ Debian 12.8 (x86-64)
|
|
|
|
**i2pd-2.54.0**
|
|
✅ Debian 12.7 (x86-64)
|
|
|
|
**i2pd-2.53.0**
|
|
✅ Docker Image (aarch64)
|
|
|
|
**i2pd-2.52.0**
|
|
✅ Docker Image (aarch64)
|
|
✅ Debian 12.4 (x86-64)
|
|
✅ Debian 12.4 (aarch64)
|
|
|
|
**i2pd-2.51.0**
|
|
✅ Debian 12.4 (x86-64)
|
|
✅ Debian 12.4 (aarch64)
|
|
|
|
**i2pd-2.50.2**
|
|
✅ Debian 12.4 (x86-64)
|
|
✅ Debian 12.4 (aarch64)
|
|
❌ Raspberry Pi OS 2024-03-12 (aarch64). Fail: no Landlock support.
|