Skip to main content

sandlock_core/
lib.rs

1pub mod error;
2pub mod policy;
3pub mod profile;
4pub mod result;
5pub mod sandbox;
6pub(crate) mod sys;
7pub mod landlock;
8pub mod seccomp;
9pub(crate) mod resource;
10pub(crate) mod network;
11pub mod context;
12pub(crate) mod vdso;
13pub(crate) mod random;
14pub(crate) mod time;
15pub(crate) mod cow;
16pub(crate) mod checkpoint;
17pub(crate) mod procfs;
18pub(crate) mod port_remap;
19pub mod pipeline;
20pub mod policy_fn;
21pub mod image;
22pub mod fork;
23pub(crate) mod chroot;
24pub mod dry_run;
25pub(crate) mod http_acl;
26
27pub use error::SandlockError;
28pub use checkpoint::Checkpoint;
29pub use policy::{Policy, PolicyBuilder};
30pub use result::{RunResult, ExitStatus};
31pub use sandbox::Sandbox;
32pub use pipeline::{Stage, Pipeline};
33pub use dry_run::{Change, ChangeKind, DryRunResult};
34
35/// Query the Landlock ABI version supported by the running kernel.
36pub fn landlock_abi_version() -> Result<u32, error::ConfinementError> {
37    landlock::abi_version()
38}
39
40/// Minimum Landlock ABI version required by sandlock.
41pub const MIN_LANDLOCK_ABI: u32 = landlock::MIN_ABI;
42
43/// Confine the calling process with Landlock restrictions.
44///
45/// This applies `PR_SET_NO_NEW_PRIVS` and Landlock rules from the policy's
46/// filesystem (`fs_readable`, `fs_writable`) fields. IPC and signal
47/// isolation are always enabled. The confinement is **irreversible**.
48///
49/// `fs_denied` is not enforced here because it requires supervisor-mediated
50/// path interception rather than Landlock's allowlist model.
51///
52/// Network, seccomp, resource limits, and other policy fields are ignored.
53///
54/// This does NOT fork or exec — it confines the current process in-place.
55pub fn confine_current_process(policy: &Policy) -> Result<(), SandlockError> {
56    // Set NO_NEW_PRIVS (required for Landlock)
57    if unsafe { libc::prctl(libc::PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) } != 0 {
58        return Err(SandlockError::Sandbox(
59            error::SandboxError::Confinement(
60                error::ConfinementError::Landlock(format!(
61                    "prctl(PR_SET_NO_NEW_PRIVS): {}",
62                    std::io::Error::last_os_error()
63                ))
64            )
65        ));
66    }
67
68    // Build a stripped policy with only Landlock-native fields that
69    // confine_current_process supports: filesystem + IPC + signals.
70    // Network port rules are excluded — they require the full sandbox.
71    let mut stripped = policy.clone();
72    stripped.net_bind.clear();
73    stripped.net_connect.clear();
74
75    // Apply Landlock rules
76    landlock::confine(&stripped)
77}