Run any Linux process in a secure, unprivileged sandbox using Landlock. Think firejail, but lightweight, user-friendly, and baked into the kernel.

Lightweight, container-free sandbox for running commands with network and filesystem restrictions

A Go library for the Linux Landlock sandboxing feature

A Rust library for the Linux Landlock sandboxing feature

Container-free, deny-by-default sandbox for AI coding agents. Kernel-enforced filesystem, network, and syscall isolation for Linux and macOS

Process isolation for Linux using namespaces, resource limits, cgroups, landlock and seccomp.

A lightweight command sandbox for Linux, secure-by-default, built on Landlock.

Run AI coding agents in hardened container sandboxes.

Linux kernel - See Landlock issues

OpenBSD unveil(2) like function in Linux using Landlock

Go filesystem isolation via Linux landlock sandbox

Lightweight process-based sandbox for Linux, no container, no VM, no root.

Painless Linux sandboxing API

Set of modifications for Deno to add subprocess sandboxing

A command line tool for playing with Linux 5.13's Landlock feature

Next generation of the KISS Package manager

Restrict process execution and file access in Kubernetes Pods with Landlock

Haskell bindings for the Linux Landlock API

Native code sandboxing for JavaScript runtimes