Landlock idiomatic sandboxing in Nim
👋 Intro

If you have ever spent time hardening Linux applications, you probably know the frustration of the all-or-nothing permission model. In the standard Linux environment, once a process starts running, it usually has far more filesystem access than it actually needs. While we have tools like seccomp, chroot, or heavy-duty modules like SELinux and AppArmor, they often feel too complex for simple, application-level sandboxing. Landlock changes this. Since its merge into the Linux kernel in version 5.13, it has become a game-changer for developers. It allows a process to restrict itself without requiring root privileges, moving security away from global system policies and directly into your application code. ...