landdown

Simple Sandboxing for shell scripts.

git clone git://mccd.space/landdown

commit 9873398a3b0b05817f97ed4947f90f48fb16c881
parent 443ed82c0c9425ea115fab9e6c5916b3b74818e0
Author: Marc <marc@coquand.email>
Date:   Tue, 31 Mar 2026 18:48:29 +0200

Don't use log

Diffstat:

Mmain.go | 15+++++++--------


1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/main.go b/main.go
@@ -4,7 +4,6 @@ import (
 	"bufio"
 	"bytes"
 	"fmt"
-	"log"
 	"os"
 	"os/exec"
 	"strconv"
@@ -29,7 +28,7 @@ func main() {
 
 	data, err := os.ReadFile(scriptPath)
 	if err != nil {
-		log.Fatalf("failed to read script: %v", err)
+		panic(err)
 	}
 
 	var roPaths, roFilePaths, rwFilePaths, rwPaths []string
@@ -89,12 +88,12 @@ func main() {
 			}
 			netRules = append(netRules, landlock.ConnectTCP(uint16(port)))
 		default:
-			log.Fatalf("line %d: unknown directive: %s", lineNum, line)
+			panic(fmt.Sprintf("line %d: unknown directive: %s", lineNum, line))
 		}
 	}
 
 	if len(execCmd) == 0 {
-		log.Fatal("no exec target found (second #! line)")
+		panic("no exec target found (second #! line)")
 	}
 
 	// Apply landlock
@@ -114,16 +113,16 @@ func main() {
 	rules = append(rules, netRules...)
 
 	if len(execCmd) == 0 {
-		log.Fatal("no exec target found (second #! line)")
+		panic("no exec target found (second #! line)")
 	}
 
 	if err := landlock.V6.BestEffort().Restrict(rules...); err != nil {
-		log.Fatalf("landlock failed: %v", err)
+		panic(err)
 	}
 
 	fullPath, err := exec.LookPath(execCmd[0])
 	if err != nil {
-		log.Fatalf("command not found: %v", err)
+		panic(fmt.Sprintf("command not found: %v", err))
 	}
 
 	argv := append(execCmd, extraArgs...)
@@ -140,6 +139,6 @@ func main() {
  	}
 
 	if err := syscall.Exec(fullPath, argv, os.Environ()); err != nil {
-		log.Fatalf("failed to exec: %v", err)
+		panic(fmt.Sprintf("failed to exec: %v", err))
 	}
 }