landdown
Simple Sandboxing for shell scripts.
git clone git://mccd.space/landdown
commit 7d62bda73d6afe3b5de241069a38938312ab5774
parent 3d46428e0f78a212d9d4911aedfecce0dc6809ec
Author: Marc <marc@coquand.email>
Date: Tue, 31 Mar 2026 12:57:11 +0200

*

Diffstat:
| M | README.md | | | 25 | ++++++++++++++++++++++--- |
| M | go.mod | | | 2 | +- |
2 files changed, 23 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md @@ -4,6 +4,25 @@ A minimal Linux utility tool for locking down a shell script's access using [lan The aim is to allow developers to easily lock down scripts. I personally use it for my CGI scripts to have per-endpoint sandboxing. +It works by prefixing the shebang with a list of locations that should be accessible + +``` +#!/usr/bin/env landdown +<directives> +#!<interpreter> +script content +``` + +## Install + +Requires go, run + +``` +go install git.sr.ht/~marcc/landdown@latest +``` + +Make sure $HOME/go/bin is in your path. + ## Supported directives ``` @@ -20,7 +39,7 @@ The aim is to allow developers to easily lock down scripts. I personally use it ### Hello world ```sh -#!/usr/local/bin/landdown +#!/usr/bin/env landdown ro /bin ro /lib #!/bin/sh @@ -32,7 +51,7 @@ Try removing `/bin` or `/lib` and it should fail. ### Edit a file ```sh -#!/usr/local/bin/landdown +#!/usr/bin/env landdown ro /bin ro /lib rwf /tmp/some-file.txt @@ -47,7 +66,7 @@ Note: the file need to exist in order to landlock it. ### Curl google ```sh -#!/usr/local/bin/landdown +#!/usr/bin/env landdown ro /bin ro /lib ro /etc/ssl diff --git a/go.mod b/go.mod @@ -1,4 +1,4 @@ -module landdown +module git.sr.ht/~marcc/landdown go 1.26.1
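Review bot: In the first README.md hunk (@@ -4,6 +4,25 @@), the new Install section pulls `git.sr.ht/~marcc/landdown@latest`, so every install tracks whatever the newest version is. For a tool whose job is to enforce a sandbox, consider also showing an install pinned to a tagged version. "Requires go, run" would read better as "Requires Go. Run:", and the PATH hint could mention that the binary lands in $GOBIN when that is set, not only in $HOME/go/bin. The new format block has no language tag while the example blocks below it use `sh`; tagging it the same way would keep the README consistent.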
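Review bot: In the three example hunks, replacing `#!/usr/local/bin/landdown` with `#!/usr/bin/env landdown` means the sandboxing wrapper is now whichever `landdown` comes first in PATH, and the Install section added in this same commit puts it in the user-writable $HOME/go/bin. The README names CGI scripts as the main use case, where PATH is set by the web server and may not include that directory at all, so the script either fails to start or runs a different binary than intended. Suggest documenting the tradeoff and recommending an absolute shebang path to a root-owned copy for CGI and other unattended use, keeping the `env` form as the convenience option for interactive scripts.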
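Review bot: In the go.mod hunk, the module path changes from `landdown` to `git.sr.ht/~marcc/landdown`, but the diffstat shows only README.md and go.mod touched. If any Go file imports a sub-package as `landdown/...`, the build breaks after this rename, so it is worth confirming the repository is a single package or updating those imports in the same commit. The page header still advertises `git clone git://mccd.space/landdown` while the install command points at git.sr.ht; a line in the README saying which host is canonical would save readers from guessing.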