Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Landdown: Simple Sandboxing for Shell Scripts (sr.ht)
3 points by fanf2 20 days ago | hide | past | favorite | 2 comments


This is a really nice idea. The shebang-based approach makes it feel way more natural than wrapping everything in a separate command.

I like that it forces you to explicitly think about what a script actually needs (files, network, etc.). Most shell scripts run with way more access than they should.

Feels like a good middle ground between “no isolation” and heavier tools like bubblewrap or firejail.


Stuff like this ignores all of the tooling we have for this already, like users, groups, and permissions

That first example, it's a no-op for a regular users, they can't write those, use chmod/chown instead.

What you don't see is that this sort of thing, permissions within the scripts, are (1) easy to change (2) hard to maintain




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: