A first look at Landrun

Super simple application sandboxing.

Landrun

Landrun is a lightweight Linux utility designed to enhance process security by sandboxing applications and restricting their access to system resources. By limiting what files, directories, and network resources a process can access, Landrun significantly reduces the attack surface and mitigates potential damage from compromised processes.

Why Should You Try Landrun?

  • Simple configuration: Landrun uses intuitive rules to define sandbox environments, making it easy to integrate into existing workflows.
  • Minimal overhead: Designed for efficiency, Landrun doesn't noticeably affect performance, making it suitable for both production and development environments.
  • Flexible policy enforcement: Easily tailor access rules to match specific security requirements, granting or denying file, directory, and network access as needed.
  • Enhanced security: By limiting a process's privileges and access, Landrun helps prevent unauthorized activities, containing security incidents before they escalate.

Example

Here's an example usage of Landrun:

$ landrun --ro /usr/bin/myapp --rw /var/myapp/data --no-net -- /usr/bin/myapp

In this example:

  • /usr/bin/myapp is run with read-only access to its executable.
  • Read-write access is enabled only for /var/myapp/data.
  • Network access is completely disabled (--no-net).

This ensures the application runs within a controlled, secure environment, significantly reducing risk.

Check out the official repository and documentation to learn more and start securing your Linux processes today:

Author
Josef Strzibny
I am a full stack web developer with love for Linux. I made and deployed my first commercial web applications during high school in 2008. I have worked for Red Hat on the platform and developer experience teams as a Linux packager.

© Deploy Linux Blog