Slashdot

'Landrun': Lightweight Linux Sandboxing With Landlock, No Root Required

A Reddit user, Zoup, found Linux's Landlock security module difficult to use directly for sandboxing untrusted binaries. Landlock, integrated in the Linux kernel since version 5.13, allows unprivileged processes to limit their own access. Zoup created Landrun, a Go-based command-line tool to simplify Landlock's usage. Landrun enables sandboxing without requiring root privileges, containers, or seccomp. The tool resembles firejail but uses Landlock, offering fine-grained control over file access and TCP ports. Users can specify read-only, read-write, or execute permissions using simple flags. Landrun is designed to be minimal and kernel-native, eliminating the need for daemons or complex configuration files. The tool's MIT license promotes easy auditing, and Landrun now supports systemd services. Zoup developed Landrun to address the lack of straightforward sandboxing solutions for running potentially unsafe binaries.
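For context on what a wrapper like Landrun saves the user from writing, here is the raw Landlock sequence an unprivileged process uses to make one directory read-only and deny all other file access. This is an added example, not code from Landrun or from the summary; the function name `landlock_readonly_demo` and the paths in `main` are assumptions chosen for illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <linux/landlock.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Returns 1 if a sandboxed child can read ro_dir but is denied a write to
 * write_path, 0 if the restriction did not hold, -1 if Landlock is unavailable. */
int landlock_readonly_demo(const char *ro_dir, const char *write_path)
{
    /* Handle (deny by default) every filesystem right of Landlock ABI v1. */
    struct landlock_ruleset_attr attr = {
        .handled_access_fs = (LANDLOCK_ACCESS_FS_MAKE_SYM << 1) - 1,
    };
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                      /* child: restrict itself, no root needed */
        int rs = syscall(__NR_landlock_create_ruleset, &attr, sizeof(attr), 0);
        if (rs < 0) _exit(2);            /* old kernel, LSM disabled, or filtered */
        struct landlock_path_beneath_attr rule = {
            .allowed_access = LANDLOCK_ACCESS_FS_READ_FILE | LANDLOCK_ACCESS_FS_READ_DIR,
            .parent_fd = open(ro_dir, O_PATH | O_CLOEXEC),
        };
        if (rule.parent_fd < 0 ||
            syscall(__NR_landlock_add_rule, rs, LANDLOCK_RULE_PATH_BENEATH, &rule, 0) ||
            prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) ||   /* required before restrict_self */
            syscall(__NR_landlock_restrict_self, rs, 0))
            _exit(2);
        int w = open(write_path, O_WRONLY | O_CREAT, 0600);  /* must be denied */
        int r = open(ro_dir, O_RDONLY | O_DIRECTORY);        /* must still work */
        _exit(w < 0 && r >= 0 ? 0 : 1);
    }
    int st;
    if (waitpid(pid, &st, 0) < 0 || !WIFEXITED(st) || WEXITSTATUS(st) == 2)
        return -1;
    return WEXITSTATUS(st) == 0;
}

int main(void)
{
    /* Constructed sample paths: read-only view of /etc, write probe in /tmp. */
    int r = landlock_readonly_demo("/etc", "/tmp/landlock_demo_probe");
    printf("%s\n", r < 0 ? "Landlock unavailable"
                 : r ? "write denied, read allowed" : "sandbox not enforced");
    return r == 1 ? 0 : 1;
}
```

The restriction is inherited by anything the restricted process later executes and cannot be lifted, which is why the demo applies it in a forked child.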
linux.slashdot.org