Go Landlock

💾 Git | 📚 Docs

The Go Landlock library is designed to be easy to use. A typical use of the library might look like this:

err := landlock.V5.BestEffort().RestrictPaths(
    landlock.RODirs("/usr", "/bin"),
    landlock.RWDirs("/tmp"),
)

After this call:

• your program will have opportunistically enabled a Landlock policy, on kernels where Landlock can be used (LandlockBestEffortMode)
• file accesses will be as restricted as possible, but the program will continue to have (roughly) read and read-write access to the indicated directories

See the documentation for more API details and the GoLandlockTalk for a longer explanation.