A lightweight, secure sandbox for running Linux processes using Landlock. Think firejail, but with kernel-level security and minimal overhead.
Linux Landlock is a kernel-native security module that lets unprivileged processes sandbox themselves.
Landrun is designed to make it practical to sandbox any command with fine-grained filesystem and network access controls. No root. No containers. No SELinux/AppArmor configs.
It's lightweight, auditable, and wraps Landlock v5 features (file access + TCP restrictions).

go install github.com/zouuup/landrun/cmd/landrun@latest
git clone https://github.com/zouuup/landrun.git
cd landrun
go build -o landrun cmd/landrun/main.go
sudo cp landrun /usr/local/bin/
maintained by Vcalv
yay -S landrun
maintained by r1w1s1
sudo sbopkg -i packagename
Basic syntax:
landrun [options] <command> [args...]
--ro <path>: Allow read-only access to specified path (can be specified multiple times or as comma-separated values)--rox <path>: Allow read-only access with execution to specified path (can be specified multiple times or as comma-separated values)--rw <path>: Allow read-write access to specified path (can be specified multiple times or as comma-separated values)--rwx <path>: Allow read-write access with execution to specified path (can be specified multiple times or as comma-separated values)--bind-tcp <port>: Allow binding to specified TCP port (can be specified multiple times or as comma-separated values)--connect-tcp <port>: Allow connecting to specified TCP port (can be specified multiple times or as comma-separated values)--env <var>: Environment variable to pass to the sandboxed command (format: KEY=VALUE or just KEY to pass current value)--best-effort: Use best effort mode, falling back to less restrictive sandbox if necessary [default: disabled]--log-level <level>: Set logging level (error, info, debug) [default: "error"]--unrestricted-network: Allows unrestricted network access (disables all network restrictions)--unrestricted-filesystem: Allows unrestricted filesystem access (disables all filesystem restrictions)--add-exec: Automatically adds the executing binary to --rox--ldd: Automatically adds required libraries to --rox--rox flag/usr/bin, /usr/lib, and other system directories--rwx for directories or files where you need both write access and the ability to execute files--env to explicitly pass environment variables--best-effort flag allows graceful degradation on older kernels that don't support all requested restrictions--ro /usr,/lib,/home)LANDRUN_LOG_LEVEL: Set logging level (error, info, debug)landrun --rox /usr/bin/ls --rox /usr/lib --ro /home ls /home
landrun --rox /usr/ --ro /path/to/dir ls /path/to/dir
landrun --rox /usr/bin --ro /lib --rw /path/to/dir touch /path/to/dir/newfile
landrun --rox /usr/bin --ro /lib --rw /path/to/dir/newfile touch /path/to/dir/newfile
landrun --rox /usr/ --ro /lib,/lib64 /usr/bin/bash
landrun --log-level debug --rox /usr/ --ro /lib,/lib64,/path/to/dir ls /path/to/dir
landrun --rox /usr/ --ro /lib,/lib64 --bind-tcp 8080 --connect-tcp 80 /usr/bin/my-server
This will allow the program to only bind to TCP port 8080 and connect to TCP port 80.
landrun --log-level debug --ro /etc,/usr --rox /usr/ --connect-tcp 443 nc kernel.org 443
This allows connections to port 443, requires access to /etc/resolv.conf for resolving DNS.
landrun --rox /usr/bin --ro /lib,/lib64,/var/www --rwx /var/log --bind-tcp 80,443 /usr/bin/nginx
landrun ls
landrun --rox /usr strace -f -e trace=all ls
landrun --rox /usr --ro /etc --env HOME --env PATH --env CUSTOM_VAR=my_value -- env
landrun --rox /usr/lib/libc.so.6 --rox /usr/lib64/ld-linux-x86-64.so.2 --rox /usr/bin/true /usr/bin/true
landrun --rox /usr/lib/ --add-exec /usr/bin/true
landrun --ldd --add-exec /usr/bin/true
Note that shared libs always need exec permission due to how they are loaded, PROT_EXEC on mmap() etc.
This example passes the current HOME and PATH variables, plus a custom variable named CUSTOM_VAR.
landrun can be integrated with systemd to run services with enhanced security. Here's an example of running nginx with landrun:
/etc/systemd/system/nginx-landrun.service):[Unit]
Description=nginx with landrun sandbox
After=network.target
[Service]
Type=simple
ExecStart=/usr/bin/landrun \
--rox /usr/bin,/usr/lib \
--ro /etc/nginx,/etc/ssl,/etc/passwd,/etc/group,/etc/nsswitch.conf \
--rwx /var/log/nginx \
--rwx /var/cache/nginx \
--bind-tcp 80,443 \
/usr/bin/nginx -g 'daemon off;'
Restart=always
User=nginx
Group=nginx
[Install]
WantedBy=multi-user.target
sudo systemctl daemon-reload
sudo systemctl enable nginx-landrun
sudo systemctl start nginx-landrun
sudo systemctl status nginx-landrun
This configuration: - Runs nginx with minimal required permissions - Allows binding to ports 80 and 443 - Provides read-only access to configuration files - Allows write access only to log and cache directories - Runs as the nginx user and group - Automatically restarts on failure
You can adjust the permissions based on your specific needs. For example, if you need to serve static files from /var/www, add --ro /var/www to the ExecStart line.
landrun uses Linux's Landlock to create a secure sandbox environment. It provides:
Landlock is an access-control system that enables processes to securely restrict themselves and their future children. As a stackable Linux Security Module (LSM), it creates additional security layers on top of existing system-wide access controls, helping to mitigate security impacts from bugs or malicious behavior in applications.
landrun leverages Landlock's fine-grained access control mechanisms, which include:
File-specific rights:
LANDLOCK_ACCESS_FS_EXECUTE)LANDLOCK_ACCESS_FS_WRITE_FILE)LANDLOCK_ACCESS_FS_READ_FILE)LANDLOCK_ACCESS_FS_TRUNCATE) - Available since Landlock ABI v3LANDLOCK_ACCESS_FS_IOCTL_DEV) - Available since Landlock ABI v5Directory-specific rights:
LANDLOCK_ACCESS_FS_READ_DIR)LANDLOCK_ACCESS_FS_REMOVE_DIR)LANDLOCK_ACCESS_FS_REMOVE_FILE)LANDLOCK_ACCESS_FS_REFER) - Available since Landlock ABI v2Network-specific rights (requires Linux 6.7+ with Landlock ABI v4):
LANDLOCK_ACCESS_NET_BIND_TCP)LANDLOCK_ACCESS_NET_CONNECT_TCP)| Feature | Minimum Kernel Version | Landlock ABI Version |
|---|---|---|
| Basic filesystem sandboxing | 5.13 | 1 |
| File referring/reparenting control | 5.19 | 2 |
| File truncation control | 6.2 | 3 |
| Network TCP restrictions | 6.7 | 4 |
| IOCTL on special files | 6.10 | 5 |
If you receive "permission denied" or similar errors:
--ro or --rw--log-level debug to see detailed permission informationbash
grep -E 'landlock|lsm=' /boot/config-$(uname -r)
# alternatively, if there are no /boot/config-* files
zgrep -iE 'landlock|lsm=' /proc/config.gz
# another alternate method
grep -iE 'landlock|lsm=' /lib/modules/$(uname -r)/config
You should see CONFIG_SECURITY_LANDLOCK=y and lsm=landlock,... in the outputbash
uname -rThis project uses the landlock-lsm/go-landlock package for sandboxing, which provides both filesystem and network restrictions. The current implementation supports:
When using --best-effort (disabled by default), landrun will gracefully degrade to using the best available Landlock version on the current kernel. This means:
When no rules are specified and neither unrestricted flag is set, landrun will apply maximum restrictions available for the current kernel version.
The project includes a comprehensive test suite that verifies:
Run the tests with:
./test.sh
Use --keep-binary to preserve the test binary after completion:
./test.sh --keep-binary
Use --use-system to test against the system-installed landrun binary:
./test.sh --use-system
Based on the Linux Landlock API capabilities, we plan to add:
This project wouldn't exist without:
$ claude mcp add landrun \
-- python -m otcore.mcp_server <graph>