landdown

Simple Sandboxing for shell scripts.

git clone git://mccd.space/landdown

commit 2380a16f07397fd5c223693d2094d24e743056b6
parent 514abf0d911e368851a8ac0b7c3d42f93e65c7b0
Author: Marc <marc@coquand.email>
Date:   Thu,  2 Apr 2026 21:34:50 +0200

Simplify

Diffstat:

Mmain.go | 18+++++++++++-------


1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/main.go b/main.go
@@ -116,27 +116,31 @@ func main() {
 		panic("no exec target found (second #! line)")
 	}
 
-	if err := landlock.V6.BestEffort().Restrict(rules...); err != nil {
+	if err := landlock.V7.BestEffort().Restrict(rules...); err != nil {
 		panic(err)
 	}
 
 	fullPath, err := exec.LookPath(execCmd[0])
 	if err != nil {
-		panic(fmt.Sprintf("command not found: %v", err))
+		panic(err)
 	}
 
 	argv := append(execCmd, extraArgs...)
 
 	// Create a memfile that is the content of the script
-	// we actually want to run, execute the script with that.
+	// we want to run, execute the script with that.
  	if len(stdinData) > 0 {
-		fd, _ := unix.MemfdCreate("landdown", 0)
-		f := os.NewFile(uintptr(fd), "script")
-		f.Write(stdinData)
+		fd, err := unix.MemfdCreate("landdown", 0)
+		if err != nil {
+			panic(err)
+		}
+		if _,err := unix.Write(fd,stdinData); err != nil {
+			panic(err)
+		}
 		argv = append(argv, fmt.Sprintf("/dev/fd/%d", fd))
  	}
 
 	if err := syscall.Exec(fullPath, argv, os.Environ()); err != nil {
-		panic(fmt.Sprintf("failed to exec: %v", err))
+		panic(err)
 	}
 }