Conversation
jarkko

Jarkko Sakkinen

pi-landstrip sandboxes per tool command making it possible to re-evaluate Landlock policy also in that granularity. This allows permission dialogs, which are quite useful :-)

I find this tool command concept and related sandboxing a good one, and would use it outside of this context e.g., to limit external commands in email application or file manager.

And despite inheriting from such an unorthodox reality, Landstrip itself is just a polished sandboxing tool with real and relevant use cases.
1
0
0
zygoon@fosstodon.org

Zygmunt Krynicki

Reply to @jarkko

@jarkko but is landlock any good yet? Last time I looked (around 6 months ago) it was full of holes that would leave a lot of things unchecked.

1
0
0
jarkko

Jarkko Sakkinen

Reply to @zygoon@fosstodon.org
@zygoon I don't really know where to balance that question.
1
0
0
jarkko

Jarkko Sakkinen

Reply to @jarkko
@zygoon It fits my use case at least, it as far as I can tell. And I understand what it is doing in my code too (which is becoming more rare) :-) Nothing is great in the void ... i.e., must be relative to a use case.
1
0
0
zygoon@fosstodon.org

Zygmunt Krynicki

Reply to @jarkko

@jarkko right but my point is on the sandbox itself. When we looked at it, it was very hard to use it as a replacement for apparmor that works regardless if you have a certain directory or if you don't. With landlock you need to pre-create everything and hoping nothing gets mounted over or removed. With apparmor it was just a non-issue.

1
0
0
jarkko

Jarkko Sakkinen

Reply to @zygoon@fosstodon.org
@zygoon One thing that is sort of "racy" but I find it more like security property is that I do recursive sweep to address "deny list" policy. When Landlock activates obviously anything done to subtree done outside of scan will not reflect and that is great.

As far ar AppArmor goes I don't really see benefit of using Landlock as system MAC. For my use case it is easiest tool available., AppArmor is much better for what AppArmor does.

So for that use case, not it's not a great choice :-)
2
0
1
zygoon@fosstodon.org

Zygmunt Krynicki

Reply to @jarkko

@jarkko landlock does seem nice for an opt-in internal sandbox for something you maintain.

1
0
1
jarkko

Jarkko Sakkinen

Reply to @jarkko
@zygoon My use use case more generically, outside of AI slop:

1. You have program, let's say file manager.
2. It has external commands.
3. You might give each a differnet permission to do shit.
4. Landlock is perfect from on-the-fly wrap that external command run into a sandbox.
0
0
0
jarkko

Jarkko Sakkinen

Reply to @zygoon@fosstodon.org
@zygoon yeah and for sandbox like Landstrip it is best size-fit with macOS's Seatbelt and Win32 AppContainer profiles. I.e., same policy can be mapped to in the ballpark to same restrictions.
1
0
1
zygoon@fosstodon.org

Zygmunt Krynicki

Reply to @jarkko

@jarkko Yes that does seem nice. I didn't know macos sandbox has become public API

1
0
1
jarkko

Jarkko Sakkinen

Reply to @zygoon@fosstodon.org
@zygoon Yeah I use FFI in Rust to access those API calls in macOS :-)
1
0
0
jarkko

Jarkko Sakkinen

Reply to @jarkko
Edited 5 days ago
@zygoon And while I don't likeAnthropic at all, I thought its JSON policy is useful to base tool level sandboxing. It's the most wide spread format that people most likely can cope with. Much better for adaptation than making my own perfect security policy format :-) And it gives limitations so that project does not blow out of proportions.
1
0
0
zygoon@fosstodon.org

Zygmunt Krynicki

Reply to @jarkko

@jarkko the front end being readable is very important. I worry about the back end being enforced correctly.

1
0
0
jarkko

Jarkko Sakkinen

Reply to @zygoon@fosstodon.org
@zygoon Yeah so how you actually should wrap these coding agent bastards is with at least two layers.

1. Within agent a working tool sandboxing implementation (Claude Code has broken).
2. Wrap the environment into a container or VM with disposable rootfs.

Most people will never implement 2 :-) It does not play with AI psychosis in yolo mode but yeah that is the safe play.

Google's gVisor (runsc) is a great option for wrap 2 when used together with Docker or Podman.
1
0
0
zygoon@fosstodon.org

Zygmunt Krynicki

Reply to @jarkko

@jarkko have you seen openshell?

0
0
0
About social.kernel.org

Terms of service

  1. Please do not use this service in violation of the Linux Kernel Code of Conduct. Doing so will result in your account suspension with the referral of the matter to the CoC committee.

  2. "Repeating"/"boosting" someone else's status on this platform will be treated as endorsement and will fall under rule #1.

  3. You are encouraged to use this platform to promote your work on the Linux Kernel, but there is no restriction on permitted topics (with the exception of anything covered by #1 above).

  4. There is no requirement to post in English, but it should be considered the primary language of communication on this platform.

Privacy notice

The admins of this service have access to all posted statuses. They aren't looking, but if it's something they shouldn't know about, then you should not post it on this platform.

Please see the Linux Foundation Privacy Policy, which applies to this platform as well.

Getting your own account

If you would like an account on this instance, please check that the following applies to you:

  • You are listed in MAINTAINERS or CREDITS

  • OR: You have a kernel.org account or email address

  • OR: You have a long and established history of involvement with the Linux Kernel

If the above is true and you agree with the Terms of Service and Privacy Notice listed above, please use these instructions to request an account: