Sandbox
=
Some basic sandboxing for i2pd using seccomp and Landlock.

If you tested this please let me know how it worked.

Dependencies
-
For seccomp, the header files need to be installed.

```
sudo apt install libseccomp-dev
```

You also need a kernel with Landlock support enabled.

```
grep landlock /sys/kernel/security/lsm
```

If Landlock is not enabled, check the kernel configuration.
```
grep CONFIG_SECURITY_LANDLOCK "/boot/config-$(uname -r)"
```
Or alternatively:
```
sudo modprobe configs
zgrep CONFIG_SECURITY_LANDLOCK /proc/config.gz
```
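
If Landlock is built in but not enabled, you can add `lsm=landlock` to the kernel boot parameters. The `lsm=` parameter overrides the kernel's built-in LSM list, so list the LSMs that are already active (see `/sys/kernel/security/lsm`) together with `landlock`.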
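
The running kernel can also be asked directly: the Landlock version query fails with `EOPNOTSUPP` when Landlock is built in but disabled at boot and with `ENOSYS` when it is not built at all. This probe is an added example, not part of i2pd or of this sandbox code; the `ll_*` names are made up for illustration, and syscall number 444 (x86-64, aarch64) is assumed when the installed headers predate Landlock.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Defined locally so the probe builds without <linux/landlock.h>. */
#ifndef __NR_landlock_create_ruleset
#define __NR_landlock_create_ruleset 444 /* assumption: x86-64 or aarch64 */
#endif
#define PROBE_VERSION_FLAG (1U << 0) /* LANDLOCK_CREATE_RULESET_VERSION */

enum ll_state { LL_ENABLED, LL_DISABLED_AT_BOOT, LL_NOT_BUILT, LL_UNKNOWN };

/* Map the syscall result to the cases the README distinguishes. */
enum ll_state ll_classify(long ret, int err)
{
    if (ret >= 1)
        return LL_ENABLED;          /* ret is the Landlock ABI version */
    if (ret < 0 && err == EOPNOTSUPP)
        return LL_DISABLED_AT_BOOT; /* built in, but not in the active LSM list */
    if (ret < 0 && err == ENOSYS)
        return LL_NOT_BUILT;        /* no Landlock in this kernel (or older than 5.13) */
    return LL_UNKNOWN;              /* e.g. EPERM from an outer seccomp filter */
}

/* Ask the running kernel; *abi receives the ABI version, or 0 if unavailable. */
enum ll_state ll_probe(long *abi)
{
    long ret = syscall(__NR_landlock_create_ruleset, NULL, (size_t)0,
                       PROBE_VERSION_FLAG);
    int err = errno; /* save before anything else can change it */
    *abi = ret > 0 ? ret : 0;
    return ll_classify(ret, err);
}

int main(void)
{
    static const char *const msg[] = {
        "Landlock enabled",
        "Landlock built in but not enabled (see the lsm= boot parameter)",
        "kernel built without Landlock",
        "could not determine Landlock state",
    };
    long abi;
    enum ll_state s = ll_probe(&abi);
    printf("%s (ABI version %ld)\n", msg[s], abi);
    return s == LL_ENABLED ? 0 : 1;
}
```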

Building
-

```
make SANDBOX=yes
```

Tested
-
**i2pd-2.50.2**
* Debian 12.4 (x86-64)
* Debian 12.4 (aarch64)