Enhance Linux sandbox security features with Landlock, seccomp, and eBPF monitoring

This commit is contained in:
JY Tan
2025-12-25 17:33:55 -08:00
parent a8158a39b3
commit 08ed28f88f
20 changed files with 2820 additions and 64 deletions

View File

@@ -0,0 +1,25 @@
//go:build !linux
// Package sandbox provides sandboxing functionality for macOS and Linux.
package sandbox
// SeccompFilter is a stub for non-Linux platforms.
type SeccompFilter struct {
debug bool
}
// NewSeccompFilter creates a stub seccomp filter.
func NewSeccompFilter(debug bool) *SeccompFilter {
return &SeccompFilter{debug: debug}
}
// GenerateBPFFilter returns an error on non-Linux platforms.
func (s *SeccompFilter) GenerateBPFFilter() (string, error) {
return "", nil
}
// CleanupFilter is a no-op on non-Linux platforms.
func (s *SeccompFilter) CleanupFilter(path string) {}
// DangerousSyscalls is empty on non-Linux platforms.
var DangerousSyscalls []string