Description
gVisor currently does not expose the Linux Landlock ABI. Tools such as nono and openai codex use Landlock as an unprivileged, inherited, kernel-enforced sandbox for filesystem, networking, and process/IPC scoping. When run inside a gVisor container, these tools cannot apply their expected sandbox policy.
As one of the maintainers of nono, I have had a good few users asking about gVisor support and it makes sense why - they compose really well together with the strong isolation model of gvisor and nono's capability based policy model.
Is this feature related to a specific bug?
Its a feature request.
Do you have a specific solution in mind?
current gVisor syscall tables do not register:
landlock_create_ruleset
landlock_add_rule
landlock_restrict_self
So Applications probing Landlock observe it as unavailable.
An incremental path (if prefered) could be the following as we walk up the ABI versions, or even better include support for all - but we need to consider managing older kernels
- Landlock V3 filesystem enforcement.
- Landlock V4 TCP port enforcement.
- Landlock V5/V6 device ioctl and scoping.
- Landlock ABI 7 (audit)
cc @EtiennePerot and @l0kod
Description
gVisor currently does not expose the Linux Landlock ABI. Tools such as nono and openai codex use Landlock as an unprivileged, inherited, kernel-enforced sandbox for filesystem, networking, and process/IPC scoping. When run inside a gVisor container, these tools cannot apply their expected sandbox policy.
As one of the maintainers of nono, I have had a good few users asking about gVisor support and it makes sense why - they compose really well together with the strong isolation model of gvisor and nono's capability based policy model.
Is this feature related to a specific bug?
Its a feature request.
Do you have a specific solution in mind?
current gVisor syscall tables do not register:
landlock_create_rulesetlandlock_add_rulelandlock_restrict_selfSo Applications probing Landlock observe it as unavailable.
An incremental path (if prefered) could be the following as we walk up the ABI versions, or even better include support for all - but we need to consider managing older kernels
cc @EtiennePerot and @l0kod