dietshasta
/
Sandbox
1
2
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Sandbox/README.md

89 lines
1.7 KiB
Markdown
Raw Blame History

Sandbox
=
Some basic sandboxing for i2pd using [seccomp](http://wikiless.i2p/wiki/Seccomp) and [Landlock](https://docs.kernel.org/security/landlock.html).
If you tested this please let me know how it worked.
Dependencies
-
You need a kernel with Landlock support enabled.
```
grep landlock /sys/kernel/security/lsm
```
If Landlock is not enabled check the kernel.
```
grep CONFIG_SECURITY_LANDLOCK /boot/config-`uname -r`
```
Or alternatively.
```
sudo modprobe configs
zgrep CONFIG_SECURITY_LANDLOCK /proc/config.gz
```
If Landlock is built in but not enabled you can add "lsm=landlock" to the kernel boot parameters.
Fetching
-
Run the following commands.
```
export http_proxy=http://127.0.0.1:4444
git clone http://git.community.i2p/dietshasta/Sandbox.git
git clone --depth=1 --branch 2.56.0 --single-branch http://git.community.i2p/PurpleI2P/i2pd.git
cp -rf Sandbox/* i2pd/ && cd i2pd
```
Building for Debian
-
For seccomp headers need to be installed.
```
sudo apt install libseccomp-dev
```
Then build.
```
make SANDBOX=yes
```
Building for Docker
-
Build and run.
```
sudo EXTERNAL_PORT= docker-compose up --build
```
Tested
-
**i2pd-2.57.0**
✅ Docker Image (x86-64)
**i2pd-2.56.0**
✅ Debian 12.9 (x86-64)
✅ Debian 12.9 (aarch64)
✅ Docker Image (x86-64)
**i2pd-2.55.0**
✅ Debian 12.8 (x86-64)
**i2pd-2.54.0**
✅ Debian 12.7 (x86-64)
**i2pd-2.53.0**
✅ Docker Image (aarch64)
**i2pd-2.52.0**
✅ Docker Image (aarch64)
✅ Debian 12.4 (x86-64)
✅ Debian 12.4 (aarch64)
**i2pd-2.51.0**
✅ Debian 12.4 (x86-64)
✅ Debian 12.4 (aarch64)
**i2pd-2.50.2**
✅ Debian 12.4 (x86-64)
✅ Debian 12.4 (aarch64)
❌ Raspberry Pi OS 2024-03-12 (aarch64). Fail: no Landlock support.
Reference in New Issue View Git Blame Copy Permalink