cmd/landlock-nonet: WIP: restrict networking using Landlock

cmd/landlock-nonet/main.go

@@ -0,0 +1,28 @@
+package main
+
+import (
+	"log"
+	"os"
+	"syscall"
+
+	"github.com/landlock-lsm/go-landlock/landlock"
+)
+
+func main() {
+	var cmd []string
+	if len(os.Args) > 1 {
+		cmd = os.Args[1:]
+	} else {
+		log.Println("missing command to call, using /bin/bash")
+		cmd = []string{"/bin/bash"}
+	}
+
+	if err := landlock.V4.RestrictNet(); err != nil {
+		log.Fatalf("landlock RestrictNet: %v", err)
+	}
+
+	log.Printf("Starting %v", cmd)
+	if err := syscall.Exec(cmd[0], cmd, os.Environ()); err != nil {
+		log.Fatalf("execve: %v", err)
+	}
+}