Expand description
nono - Capability-based sandboxing library
This library provides OS-level sandboxing using Landlock (Linux) and Seatbelt (macOS) for capability-based filesystem and network isolation.
§Overview
nono is a pure sandboxing primitive - it provides the mechanism for OS-enforced isolation without imposing any security policy. Clients (CLI tools, language bindings) define their own policies.
§Example
use nono::{CapabilitySet, AccessMode, Sandbox};
fn main() -> nono::Result<()> {
// Build capability set - client must add ALL paths, including system paths
let caps = CapabilitySet::new()
// System paths for executables to run
.allow_path("/usr", AccessMode::Read)?
.allow_path("/lib", AccessMode::Read)?
.allow_path("/bin", AccessMode::Read)?
// User paths
.allow_path("/project", AccessMode::ReadWrite)?
.block_network();
// Check platform support
let support = Sandbox::support_info();
if !support.is_supported {
eprintln!("Warning: {}", support.details);
}
// Apply sandbox - this is irreversible
Sandbox::apply(&caps)?;
// Now running sandboxed...
Ok(())
}§Platform Support
- Linux: Uses Landlock LSM (kernel 5.13+)
- macOS: Uses Seatbelt sandbox
- Other platforms: Returns
UnsupportedPlatformerror
Re-exports§
pub use capability::AccessMode;pub use capability::CapabilitySet;pub use capability::CapabilitySource;pub use capability::FsCapability;pub use capability::IpcMode;pub use capability::NetworkMode;pub use capability::ProcessInfoMode;pub use capability::SignalMode;pub use diagnostic::CommandContext;pub use diagnostic::DenialReason;pub use diagnostic::DenialRecord;pub use diagnostic::DiagnosticFormatter;pub use diagnostic::DiagnosticMode;pub use diagnostic::SandboxViolation;pub use error::NonoError;pub use error::Result;pub use keystore::is_apple_password_uri;pub use keystore::is_env_uri;pub use keystore::is_file_uri;pub use keystore::is_op_uri;pub use keystore::load_secret_by_ref;pub use keystore::load_secret_file;pub use keystore::load_secrets;pub use keystore::redact_apple_password_uri;pub use keystore::redact_file_uri;pub use keystore::redact_op_uri;pub use keystore::store_secret_file;pub use keystore::validate_apple_password_uri;pub use keystore::validate_destination_env_var;pub use keystore::validate_env_uri;pub use keystore::validate_file_uri;pub use keystore::validate_op_uri;pub use keystore::LoadedSecret;pub use net_filter::FilterResult;pub use net_filter::HostFilter;pub use sandbox::detect_abi;pub use sandbox::is_wsl2;pub use sandbox::DetectedAbi;pub use sandbox::Sandbox;pub use sandbox::SupportInfo;pub use state::SandboxState;pub use supervisor::ApprovalBackend;pub use supervisor::ApprovalDecision;pub use supervisor::CapabilityRequest;pub use supervisor::SupervisorSocket;pub use supervisor::UrlOpenRequest;pub use trust::Enforcement;pub use trust::IncludePatterns;pub use trust::Publisher;pub use trust::SignerIdentity;pub use trust::TrustPolicy;pub use trust::VerificationOutcome;pub use trust::VerificationResult;
Modules§
- capability
- Capability model for filesystem and network access
- diagnostic
- Diagnostic output formatter for sandbox policy.
- error
- Error types for the nono library
- keystore
- Secure credential loading from system keystore, 1Password, Apple Passwords, and environment
- manifest
- Capability manifest types and operations
- manifest_
convert - Conversion from capability manifest types to internal
CapabilitySet. - net_
filter - Network host filtering for proxy-level domain matching.
- query
- Query API for checking sandbox permissions
- sandbox
- OS-level sandbox implementation
- state
- Sandbox state persistence
- supervisor
- Supervisor IPC for runtime capability expansion
- trust
- File attestation and integrity verification
- undo
- Undo system: content-addressable snapshots with Merkle tree integrity