Sandbox for i2pd
 
 
dietshasta 5c34c82b97 2.53.0 2024-07-26 17:08:57 +01:00
daemon update 2024-06-22 10:27:57 +01:00
Makefile.linux first commit 2024-03-10 11:35:30 +00:00
README.md 2.53.0 2024-07-26 17:08:57 +01:00

README.md

Sandbox

Some basic sandboxing for i2pd using seccomp and Landlock.

If you tested this, please let me know how it worked.

Dependencies

For seccomp, the libseccomp header files need to be installed.

sudo apt install libseccomp-dev

You also need a kernel with Landlock support enabled.

grep landlock /sys/kernel/security/lsm

If Landlock is not enabled, check whether the kernel was built with it.

grep CONFIG_SECURITY_LANDLOCK /boot/config-`uname -r`

Alternatively, read the configuration of the running kernel.

sudo modprobe configs
zgrep CONFIG_SECURITY_LANDLOCK /proc/config.gz

If Landlock is built in but not enabled, you can add "lsm=landlock" to the kernel boot parameters.
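The same "not built" versus "built in but not enabled" distinction can be made at run time by asking the kernel for its Landlock ABI version. This is an added example, not code from this repository or from i2pd; the ll_* names are hypothetical, and the fallback syscall number 444 is assumed to apply only to x86-64 and aarch64.

```c
/* Added example: run-time Landlock probe; not part of the i2pd sandbox sources. */
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef __NR_landlock_create_ruleset
#define __NR_landlock_create_ruleset 444 /* assumed: x86-64 and aarch64 only */
#endif
#define LL_CREATE_RULESET_VERSION (1U << 0) /* LANDLOCK_CREATE_RULESET_VERSION */

typedef enum { LL_ENABLED, LL_DISABLED_AT_BOOT, LL_NOT_BUILT, LL_UNKNOWN } ll_state;

/* Map the syscall return value and errno to a state (hypothetical helper). */
ll_state ll_classify(long abi, int err)
{
    if (abi >= 1)
        return LL_ENABLED;
    if (abi < 0 && err == EOPNOTSUPP)
        return LL_DISABLED_AT_BOOT; /* built in, absent from the active LSM list */
    if (abi < 0 && err == ENOSYS)
        return LL_NOT_BUILT;        /* kernel has no Landlock support at all */
    return LL_UNKNOWN;              /* e.g. blocked by an outer seccomp filter */
}

/* Ask the running kernel for its Landlock ABI version; *abi is -1 on failure. */
ll_state ll_probe(long *abi)
{
    errno = 0;
    *abi = syscall(__NR_landlock_create_ruleset, NULL, (size_t)0,
                   LL_CREATE_RULESET_VERSION);
    return ll_classify(*abi, errno);
}

int main(void)
{
    static const char *msg[] = {
        "enabled", "built in but disabled at boot (check lsm=)",
        "not built into this kernel", "unknown (syscall blocked?)" };
    long abi;
    ll_state s = ll_probe(&abi);
    printf("Landlock: %s", msg[s]);
    if (s == LL_ENABLED)
        printf(", ABI version %ld", abi);
    putchar('\n');
    return s == LL_ENABLED ? 0 : 1;
}
```

When the probe reports "built in but disabled", note that the lsm= boot parameter sets the whole ordered LSM list, so keep the modules already shown in /sys/kernel/security/lsm alongside landlock.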

Building

Copy the modified files into a complete i2pd source tree, then build.

make SANDBOX=yes

Tested

i2pd-2.53.0
Docker Image (aarch64)

i2pd-2.52.0
Docker Image (aarch64)
Debian 12.4 (x86-64)
Debian 12.4 (aarch64)

i2pd-2.51.0
Debian 12.4 (x86-64)
Debian 12.4 (aarch64)

i2pd-2.50.2
Debian 12.4 (x86-64)
Debian 12.4 (aarch64)
Raspberry Pi OS 2024-03-12 (aarch64). Fail: no Landlock support.