[rainworld]

  // If we have no rules, just return
  if len(rules) == 0 {
      log.Info("No sandbox rules to apply")
      return nil
  }

Really cool and well-written project, but I disagree with this choice: No rules should mean no rules (everything denied).

I would have suggested support for more fine-grained file/directory permissions—good to see that’s already planned.

[Zoup]

Yeah I agree with that, just release a new version that does that.

[rainworld]

Does Linux 6.8 in fact ship ABI v5? At least it’s not guaranteed (Ubuntu 24.04, 6.8.0-55-generic). This post suggests 6.10: https://lore.kernel.org/landlock/20240716.yui4Iezai8ae@digik...

[Zoup]

good catch, fixed.