r1w1s1Exciting news for <a href="https://snac.bsd.cafe?t=slackware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Slackware</a> users!<br><br>The Landrun tool is now available in SlackBuildsOrg!<br><br>Landrun A lightweight, secure sandbox for running Linux processes using Landlock.<br>Think firejail, but with kernel-level security and minimal overhead.<br><br>Get it here:<br><a href="https://slackbuilds.org/repository/15.0/network/landrun/" rel="nofollow noopener noreferrer" target="_blank">https://slackbuilds.org/repository/15.0/network/landrun/</a><br><br><a href="https://snac.bsd.cafe?t=linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Linux</a> <a href="https://snac.bsd.cafe?t=slackware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Slackware</a> <a href="https://snac.bsd.cafe?t=landlock" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#landlock</a> <a href="https://snac.bsd.cafe?t=opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenSource</a> <a href="https://snac.bsd.cafe?t=landrun" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#landrun</a><br>
Recent searches
No recent searches
Search options
Only available when logged in.
shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.
Administered by:
Server stats:
292active users
shakedown.social: About · Status · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.3.4
#landlock
1 post · 1 participant · 0 posts today
Hacker News<p>Landrun: Sandbox any Linux process using Landlock, no root or containers</p><p><a href="https://github.com/Zouuup/landrun" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/Zouuup/landrun</span><span class="invisible"></span></a></p><p><a href="https://mastodon.social/tags/HackerNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HackerNews</span></a> <a href="https://mastodon.social/tags/Landrun" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Landrun</span></a> <a href="https://mastodon.social/tags/Sandbox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Sandbox</span></a> <a href="https://mastodon.social/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> <a href="https://mastodon.social/tags/Landlock" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Landlock</span></a> <a href="https://mastodon.social/tags/NoRoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NoRoot</span></a> <a href="https://mastodon.social/tags/Containers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Containers</span></a></p>
n0toose<p>I'd like to share something nice that I am currently working on: A Landlock integration for Forgejo.</p><p>Landlock (<a href="https://landlock.io" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">landlock.io</span><span class="invisible"></span></a>) lets userspace processes tell the kernel "hey kernel, please only let me access the following filesystem resources" (and it also supports sockets, etc. now).</p><p>My integration only limits unfettered access to arbitrary files. It needs a lot more yak shaving (refactoring, configurations, using the PATH variable for Git binaries) and time.</p><p><a href="https://chaos.social/tags/landlock" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>landlock</span></a> <a href="https://chaos.social/tags/forgejo" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>forgejo</span></a></p>
Mickaël Salaün<p>I'll give a talk at <a href="https://mastodon.social/tags/FOSDEM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FOSDEM</span></a>: <a href="https://mastodon.social/tags/Sandbox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Sandbox</span></a> IDs with <a href="https://mastodon.social/tags/Landlock" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Landlock</span></a><br>We'll talk about the challenges to identify sandboxed processes in a safe and unprivileged way, and how that could be used to identify <a href="https://mastodon.social/tags/containers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>containers</span></a>.<br><a href="https://fosdem.org/2025/schedule/event/fosdem-2025-6071-sandbox-ids-with-landlock/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">fosdem.org/2025/schedule/event</span><span class="invisible">/fosdem-2025-6071-sandbox-ids-with-landlock/</span></a><br><a href="https://mastodon.social/tags/FOSDEM2025" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FOSDEM2025</span></a> <a href="https://mastodon.social/tags/container" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>container</span></a></p>
Mickaël Salaün<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@david_chisnall" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>david_chisnall</span></a></span> <span class="h-card" translate="no"><a href="https://wandering.shop/@kithrup" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>kithrup</span></a></span> <span class="h-card" translate="no"><a href="https://nondeterministic.computer/@mjg59" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>mjg59</span></a></span> <span class="h-card" translate="no"><a href="https://aus.social/@rfc6919" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>rfc6919</span></a></span> indeed, that's why <a href="https://mastodon.social/tags/Landlock" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Landlock</span></a> works by controlling access to "hierarchies of inodes"</p>
ExploreLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload