Hi, I just released Island, a sandboxing tool powered by Landlock: https://github.com/landlock-lsm/island
Island makes Landlock practical for everyday workflows by acting as a high-level wrapper and policy manager. Developed alongside the kernel feature and its Rust libraries, it bridges the gap between raw security mechanisms and user activity through:

- Zero-code integration: Runs existing binaries without modification.
- Declarative policies: Uses TOML profiles instead of code-based rules.
- Context-aware activation: Automatically applies security profiles based on your current working directory.
- Full environment isolation: Manages isolated workspaces (XDG directories, TMPDIR) in addition to access control.
- Transparent shell integration: Automatically sandboxes commands in your shell without changing your workflow.
- Zero-privilege operation: No root access or special capabilities required.
- Layered protection: Multiple profiles compose cleanly with deterministic ordering.

It's a work in progress, so be careful. Feedback welcome!

Regards,
Mickaël
