9 releases (breaking)

| Version | Date |
|---|---|
| 0.11.0 (new) | Mar 5, 2026 |
| 0.10.0 | Mar 4, 2026 |
| 0.9.0 | Mar 3, 2026 |
| 0.8.1 | Mar 3, 2026 |
| 0.0.1 | |
#108 in Unix APIs
4,468 downloads per month
Used in 2 crates
590KB, 12K SLoC
nono
Capability-based sandboxing library using Landlock (Linux) and Seatbelt (macOS).
Overview
nono provides OS-enforced sandboxing where unauthorized operations are structurally impossible. Once a sandbox is applied, there is no API to expand permissions - the kernel enforces all restrictions.
Installation
```toml
[dependencies]
nono = "0.1"
```
Usage
```rust
use nono::{CapabilitySet, Sandbox};

// The `?` operator needs a function that returns a Result; this wrapper assumes the
// crate's error type implements std::error::Error.
fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Build a capability set
    let mut caps = CapabilitySet::new();
    caps.allow_read("/path/to/read")?;
    caps.allow_write("/path/to/write")?;
    caps.allow_execute("/usr/bin/ls")?;

    // Apply the sandbox (irreversible)
    Sandbox::apply(&caps)?;

    // All subsequent operations are restricted to granted capabilities
    Ok(())
}
```
Features
- Landlock (Linux 5.13+) - Filesystem access control
- Seatbelt (macOS) - Filesystem and network restrictions
- No escape hatch - Once applied, restrictions cannot be lifted
- Child process inheritance - All spawned processes inherit restrictions
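The Overview and the "No escape hatch" feature describe a policy that is fixed at apply time and then decided by the kernel for every access. The following is an added, stand-alone user-space model of that decision (it is not the nono crate's code and calls neither Landlock nor Seatbelt); the type names `PolicyBuilder`, `Policy` and `Access` are assumptions chosen for the example. It assumes, as Landlock does, that a grant on a directory covers everything beneath it, and it shows two details a practitioner wants to check in any path-based allow-list: matching is by path component (a grant on `/srv/data` must not cover `/srv/database`), and `..` segments are resolved before the check. The builder is consumed by `apply`, and the resulting `Policy` has no method that adds grants, which expresses the irreversibility property in the type system; the real crate gets that property from the kernel, not from Rust types.

```rust
// Added example, not the nono crate's own code: a user-space model of the
// allow-list decision a Landlock/Seatbelt sandbox makes after it is applied.
use std::path::{Component, Path, PathBuf};

#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum Access {
    Read,
    Write,
    Execute,
}

/// Lexically normalised absolute path: resolves `.` and `..` so that
/// "/srv/data/../../etc/passwd" is judged as "/etc/passwd", not as a
/// string that happens to begin with "/srv/data".
pub fn normalize(path: &Path) -> Option<PathBuf> {
    if !path.is_absolute() {
        return None; // only absolute paths can be granted or checked
    }
    let mut out = PathBuf::from("/");
    for c in path.components() {
        match c {
            Component::RootDir | Component::CurDir => {}
            Component::ParentDir => {
                out.pop(); // popping at "/" is a no-op, so ".." cannot climb above root
            }
            Component::Normal(s) => out.push(s),
            Component::Prefix(_) => return None, // Windows drive prefixes never occur on Linux/macOS
        }
    }
    Some(out)
}

/// Mutable phase: the only phase in which grants can be added.
#[derive(Default, Debug)]
pub struct PolicyBuilder {
    grants: Vec<(PathBuf, Access)>,
}

impl PolicyBuilder {
    pub fn new() -> Self {
        Self::default()
    }

    fn allow(&mut self, path: &str, access: Access) -> Result<(), String> {
        let root = normalize(Path::new(path)).ok_or_else(|| format!("{path}: must be absolute"))?;
        self.grants.push((root, access));
        Ok(())
    }

    pub fn allow_read(&mut self, path: &str) -> Result<(), String> {
        self.allow(path, Access::Read)
    }
    pub fn allow_write(&mut self, path: &str) -> Result<(), String> {
        self.allow(path, Access::Write)
    }
    pub fn allow_execute(&mut self, path: &str) -> Result<(), String> {
        self.allow(path, Access::Execute)
    }
}

/// Applied phase: `apply` consumes the builder, and nothing on this type can
/// add a grant. In the real crate the kernel provides this guarantee.
pub struct Policy {
    grants: Vec<(PathBuf, Access)>,
}

impl Policy {
    pub fn apply(builder: PolicyBuilder) -> Policy {
        Policy { grants: builder.grants }
    }

    /// Would `access` on `path` be permitted? `Path::starts_with` compares
    /// whole components, so "/srv/data" covers "/srv/data/x" but not
    /// "/srv/database".
    pub fn permits(&self, path: &str, access: Access) -> bool {
        let Some(target) = normalize(Path::new(path)) else {
            return false;
        };
        self.grants
            .iter()
            .any(|(root, granted)| *granted == access && target.starts_with(root))
    }
}

fn main() {
    let mut builder = PolicyBuilder::new();
    builder.allow_read("/srv/data").expect("absolute path");
    builder.allow_write("/tmp/out").expect("absolute path");
    let policy = Policy::apply(builder);
    // Constructed sample accesses: the second and third are the classic mistakes
    // (string-prefix match and unresolved "..") that the check must reject.
    for (path, access) in [
        ("/srv/data/report.csv", Access::Read),
        ("/srv/database/users.db", Access::Read),
        ("/srv/data/../../etc/passwd", Access::Read),
        ("/tmp/out/../out/a.txt", Access::Write),
    ] {
        println!("{path} {access:?}: {}", policy.permits(path, access));
    }
}
```

The `permits` check is only a model of what the kernel decides; with the real crate there is nothing to call after `Sandbox::apply`, the open() or connect() simply fails with a permission error, which is the behaviour to verify in an integration test on a Linux 5.13+ kernel.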
Platform Support
| Platform | Mechanism | Minimum Version |
|---|---|---|
| Linux | Landlock | Kernel 5.13+ |
| macOS | Seatbelt | 10.5+ |
Documentation
License
Apache-2.0
Dependencies
~101MB, ~2.5M SLoC