landdown
Simple Sandboxing for shell scripts.
git clone git://mccd.space/landdown
| Log | Files | Refs | README | LICENSE |
commit 5ec6ef19b431cb1915c64fd799610f1211801944 parent 7d62bda73d6afe3b5de241069a38938312ab5774 Author: Marc <marc@coquand.email> Date: Tue, 31 Mar 2026 12:59:39 +0200 * Diffstat:
| M | README.md | | | 11 | ++++++++++- |
1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md @@ -1,6 +1,15 @@ # Landdown - Easy shell script sandbox -A minimal Linux utility tool for locking down a shell script's access using [landlock](https://landlock.io). +A minimal Linux utility tool for locking down a shell script's access using [landlock](https://landlock.io). For example: + +```sh +#!/usr/bin/env landdown +ro /bin +ro /lib +rwf /tmp/some-file.txt +#!/bin/sh +echo Edit > /tmp/some-file.txt +``` The aim is to allow developers to easily lock down scripts. I personally use it for my CGI scripts to have per-endpoint sandboxing.