Landdown is a Linux utility that sandboxes shell scripts using the Landlock kernel security feature. By prepending a script with a landdown shebang and an allowlist of rules, you can restrict file system access (read-only or read-write, for files or directories) and network access (bind/connect on specific ports). The tool is installed via Go and works by intercepting script execution to enforce only the explicitly permitted operations, blocking everything else, including unauthorized file reads and network connections.