Follow @Openwall on Twitter for new release announcements and other news
[<prev] [day] [month] [year] [list] 
Message-ID: <20251205.saiZ2Pauleew@digikod.net>
Date: Fri, 5 Dec 2025 12:22:28 +0100
From: Mickaël Salaün <mic@...ikod.net>
To: landlock@...ts.linux.dev
Cc: oss-security@...ts.openwall.com, linux-security-module@...r.kernel.org, 
	lwn@....net
Subject: Island: Sandboxing tool powered by Landlock

Hi,

I just released Island, a sandboxing tool powered by Landlock:
https://github.com/landlock-lsm/island

Island makes Landlock practical for everyday workflows by acting as a
high-level wrapper and policy manager.  Developed alongside the kernel
feature and its Rust libraries, it bridges the gap between raw security
mechanisms and user activity through:
- Zero-code integration: Runs existing binaries without modification.
- Declarative policies: Uses TOML profiles instead of code-based rules.
- Context-aware activation: Automatically applies security profiles
  based on your current working directory.
- Full environment isolation: Manages isolated workspaces (XDG
  directories, TMPDIR) in addition to access control.
- Transparent shell integration: Automatically sandboxes commands in
  your shell without changing your workflow.
- Zero-privilege operation: No root access or special capabilities
  required.
- Layered protection: Multiple profiles compose cleanly with
  deterministic ordering.

It's a work in progress, so be careful.

Feedback welcome!

Regards,
 Mickaël

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.