Skip to content

landlock-lsm/go-landlock

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

236 Commits
.github
.github
 
 
cmd
cmd
 
 
docs
docs
 
 
examples
examples
 
 
landlock
landlock
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 

Repository files navigation

📚 Godoc | 🌍 landlock.io

Go Landlock library

The Go-Landlock library restricts the current processes' ability to use files, using Linux 5.13's Landlock feature.

TL;DR: Example

In a Go program, after starting up and doing program initialization work, run:

err := landlock.V8.BestEffort().RestrictPaths(
    landlock.RODirs("/usr", "/bin"),
    landlock.RWDirs("/tmp"),
)

After this invocation, your program can only access the specified paths.

Landlock is a Linux kernel feature and can restrict the following types of access:

  • Filesystem access
  • Some network operations
  • Some IPC operations

More details and examples in the Go-Landlock documentation.

Goals

Goals of Go-Landlock are:

  • Make unprivileged sandboxing easy to use and effective.
  • Keep Go-Landlock's implementation at an easily auditable size.

How to...

About

A Go library for the Linux Landlock sandboxing feature

Topics

linux security sandboxing landlock

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

298 stars

Watchers

10 watching

Forks

17 forks
Report repository

Releases 3

v0.8.1 Latest
Apr 19, 2026
+ 2 releases

Packages

 
 
 

Contributors

Languages