Hacker News
by khrbtxyz 457 days ago
I don't quite understand what --exec does. If I leave out --exec from example 3, is it supposed to prevent bash from executing other programs?

  $ landrun --log-level debug --ro /usr/bin,/lib,/lib64 /usr/bin/bash --norc
  [landrun] 2025/03/22 17:16:29 Sandbox config: {ReadOnlyPaths:[/usr/bin /lib /lib64] ReadWritePaths:[] AllowExec:false BindTCPPorts:[] ConnectTCPPorts:[] BestEffort:true}
  [landrun:debug] 2025/03/22 17:16:29 Adding read-only path: /usr/bin
  [landrun:debug] 2025/03/22 17:16:29 Adding read-only path: /lib
  [landrun:debug] 2025/03/22 17:16:29 Adding read-only path: /lib64
  [landrun:debug] 2025/03/22 17:16:29 Applying Landlock restrictions
  [landrun] 2025/03/22 17:16:29 Landlock restrictions applied successfully
  [landrun] 2025/03/22 17:16:29 Executing: [/usr/bin/bash --norc]
  bash-5.2$ 
  bash-5.2$ /usr/bin/uname -r
  6.13.7-200.fc41.aarch64
1 comment

yeah it wasn't the best call, have a look at v0.1.4, I think it's better now!