sandboxec: A lightweight command sandbox for Linux, secure-by-default, built on Landlock.

you can actually run agents safely without breaking your machine using a Linux kernel-native security module (LSM), so no syscall mediation ~= way less overhead. no containers, no virtualization, no root, just self-sandboxing. here I built a smol sandboxer called sandboxec[1] on top of Landlock[2] that limits file/network access to only what's needed and blocks everything else by default.

[1]: https://github.com/dwisiswant0/sandboxec
[2]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/security/landlock

submitted by /u/dwisiswant0
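The deny-by-default self-sandboxing the post describes, shown directly against the Landlock syscalls for the filesystem side only. This is an added example, not code from sandboxec or from the post; the function names, the `LL_*` constant names and the sample paths are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdint.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Landlock ABI v1 syscall numbers, rule type and access bits, copied from the
 * kernel UAPI (<linux/landlock.h>) so this builds without recent headers. */
enum { LL_CREATE_RULESET = 444, LL_ADD_RULE = 445, LL_RESTRICT_SELF = 446, LL_RULE_PATH_BENEATH = 1 };
enum { LL_EXECUTE = 1 << 0, LL_WRITE_FILE = 1 << 1, LL_READ_FILE = 1 << 2, LL_READ_DIR = 1 << 3 };
struct ll_ruleset_attr { uint64_t handled_access_fs; };
struct ll_path_beneath { uint64_t allowed_access; int32_t parent_fd; } __attribute__((packed));

/* Deny by default: handle exec/read/write everywhere, allow only reads under dir.
 * Returns 0 on success, -1 if Landlock is unavailable or any step fails. */
int restrict_to_readonly_dir(const char *dir) {
    struct ll_ruleset_attr attr = { LL_EXECUTE | LL_WRITE_FILE | LL_READ_FILE | LL_READ_DIR };
    int rs = (int)syscall(LL_CREATE_RULESET, &attr, sizeof(attr), 0);
    if (rs < 0) return -1;
    struct ll_path_beneath rule = { LL_READ_FILE | LL_READ_DIR, open(dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC) };
    int ok = rule.parent_fd >= 0
          && syscall(LL_ADD_RULE, rs, LL_RULE_PATH_BENEATH, &rule, 0) == 0
          && prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == 0 /* needed without CAP_SYS_ADMIN */
          && syscall(LL_RESTRICT_SELF, rs, 0) == 0;
    if (rule.parent_fd >= 0) close(rule.parent_fd);
    close(rs);
    return ok ? 0 : -1;
}

/* Sandbox a forked child, then probe one file inside dir and one outside it.
 * Returns 0 if the policy held, 1 if it did not, -1 if Landlock is unavailable. */
int check_policy(const char *dir, const char *inside, const char *outside) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (restrict_to_readonly_dir(dir) != 0) _exit(2);
        int in = open(inside, O_RDONLY), out = open(outside, O_RDONLY);
        _exit((in >= 0 && out < 0) ? 0 : 1);
    }
    int st;
    if (waitpid(pid, &st, 0) < 0 || !WIFEXITED(st)) return -1;
    return WEXITSTATUS(st) == 2 ? -1 : WEXITSTATUS(st);
}

int main(void) { /* constructed sample paths */
    return check_policy("/etc", "/etc/passwd", "/bin/sh") == 1;
}
```

The restriction is applied in a forked child because a Landlock domain cannot be lifted once entered and is inherited by every descendant process.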