Item detail

multikernel/sandlock

Sandlock is an Apache-2.0 lightweight process-based sandbox for Linux using Landlock, seccomp-bpf, and seccomp user notification — no root, no cgroups, no containers, no VMs, ~5ms startup. 218 stars, ships HTTP-level ACLs (method + host + path rules), resource limits, COW filesystem isolation, and explicit prompt-injection containment as a first-class use case. Fills the gap between full container

Score: 7.5
Popularity: 58.0
Risk: conditional
Tier: Silver

Score breakdown

Usefulness: 8.0
Novelty: 8.0
Momentum: 7.0
Maturity: 6.7
Open-source/build: 8.4
Evidence: 7.2
Workflow potential: 9.0
Setup ease: 6.4

Popularity is tracked separately. Support, ads, sponsorships, and tips never affect these signals.

Why it matters

Useful for teams that want to run untrusted code (including AI agents) on Linux with kernel-enforced isolation without paying the container/VM overhead. Run

    sandlock run -w /tmp -r /usr -r /lib -m 512M -- python3 untrusted.py

and you have a confined process with HTTP-level rules, no root required.

Who should use it

- teams running untrusted code (including AI agents) on Linux who want kernel-enforced isolation without container overhead
- platform teams standardizing on a lightweight sandbox for CI jobs that invoke coding agents
- DevSecOps engineers who want HTTP-level ACLs (method + host + path) as part of agent confinement
- researchers running adversarial code in a contained environment without privileged setup
- anyone who has outgrown the 'just run it in Docker' answer but doesn't want a Firecracker microVM

Who should skip it

Skip if the source link, docs, or setup requirements do not match your workflow.

Risk explanation

Linux-only (uses Landlock + seccomp); macOS/Windows users need WSL2 or a different sandbox. This is a kernel-level confinement tool: verify that the policy covers all the attack surfaces the agent can reach before treating it as a security boundary.

Evidence links

Closest alternatives / related signals

Tags: sandbox, linux, landlock, seccomp, isolation, prompt-injection, untrusted-code, ci