From 226d07017f118c7d388046dbe23974ddc78f5ffa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=BCnther=20Noack?=
Date: Sun, 4 Jun 2023 22:15:41 +0200
Subject: [PATCH] cmd/landlock-nonet: WIP: restrict networking using Landlock
---
cmd/landlock-nonet/main.go | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
create mode 100644 cmd/landlock-nonet/main.go
diff --git a/cmd/landlock-nonet/main.go b/cmd/landlock-nonet/main.go
new file mode 100644
index 0000000..7d1928b
--- /dev/null
+++ b/cmd/landlock-nonet/main.go
@@ -0,0 +1,28 @@
+package main
+
+import (
+ "log"
+ "os"
+ "syscall"
+
+ "github.com/landlock-lsm/go-landlock/landlock"
+)
+
+func main() {
+ var cmd []string
+ if len(os.Args) > 1 {
+ cmd = os.Args[1:]
+ } else {
+ log.Println("missing command to call, using /bin/bash")
+ cmd = []string{"/bin/bash"}
+ }
+
+ if err := landlock.V4.RestrictNet(); err != nil {
+ log.Fatalf("landlock RestrictNet: %v", err)
+ }
+
+ log.Printf("Starting %v", cmd)
+ if err := syscall.Exec(cmd[0], cmd, os.Environ()); err != nil {
+ log.Fatalf("execve: %v", err)
+ }
+}
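Review bot: The `landlock.V4.RestrictNet()` call in main should carry a comment stating its scope, because the command name suggests all networking is cut off while Landlock ABI v4 only governs TCP bind and connect. Something like `// Denies TCP bind/connect only (Landlock ABI v4); UDP, Unix-domain and other socket families are not restricted.` would keep users from relying on the wrapper as full network isolation. Separately, `syscall.Exec(cmd[0], cmd, os.Environ())` performs no PATH search, so a bare command name fails with ENOENT; resolving it first with `path, err := exec.LookPath(cmd[0])` (from `os/exec`) and passing `path` to `syscall.Exec` fixes that. Keeping the strict `V4` config rather than a best-effort one looks right here, since the wrapper then refuses to start the command on a kernel without Landlock network support instead of running it unrestricted.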