Skip to content

add landlock sandbox#995

Open
valoq wants to merge 6 commits into
ouch-org:mainfrom
valoq:landlock
Open

add landlock sandbox#995
valoq wants to merge 6 commits into
ouch-org:mainfrom
valoq:landlock

Conversation

@valoq

@valoq valoq commented May 19, 2026

Copy link
Copy Markdown
Collaborator

New version of #723

This PR adds landlock filesystem isolation to ouch as discussed in #722
With the new smart unpack by default feature, this is now easy to apply.

Since this is a major feature change and can easily break things, I say this should wait until after a new release has been made and then it can be merged sit in the repo for contributors to test for a while

@valoq valoq marked this pull request as ready for review June 9, 2026 17:24
@valoq

valoq commented Jun 9, 2026

Copy link
Copy Markdown
Collaborator Author

This PR is now pretty much ready to be tested in practice by anyone interested.

There are still have a few things I want to clean up in the unit tests but the sandbox code itself should be complete now.
The kernel requirement is >= 6.12 and the sandbox isolates the file system not just against file manipulation but also prevents execution and network access.

@valoq valoq marked this pull request as draft June 12, 2026 12:31
@valoq valoq marked this pull request as ready for review June 14, 2026 23:00
@valoq

valoq commented Jun 25, 2026

Copy link
Copy Markdown
Collaborator Author

@marcospb19 This should also be ready to merge now.
Since it has still a decent chance of breaking things, I would suggest a new minor release with the recent commit before merging this into main, so it can sit there for a bit while more users test it.

@marcospb19

Copy link
Copy Markdown
Member

I messed up a merge conflict, trying to solve it right now.

@marcospb19

Copy link
Copy Markdown
Member

I'm fixing by resetting to your last good commit, and running a rebase against origin/main, that's why the force push.

Comment thread src/commands/decompress.rs Outdated
Comment thread src/commands/decompress.rs Outdated
Comment thread src/commands/list.rs
Comment thread src/commands/decompress.rs
Comment thread src/commands/list.rs
@valoq valoq requested a review from marcospb19 June 28, 2026 03:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants