@solarhell — heads-up on a small parity gap in the Go SDK, and an offer.
PR #71 added the Protection opt-out (`allow_degraded` / `disable` per Landlock protection) so a sandbox can run below the default ABI v6 floor by degrading or disabling the v6-only scopes. It landed in Rust, Python, and the C ABI, but the Go SDK didn't pick it up: `Sandbox` has no `AllowDegraded` / `Disable`, and `go/sandbox.go` + the README still state a hard "requires Linux 6.12+ (Landlock v6)" — no longer the real floor once you opt out.
The C symbols are already in the generated header (`sandlock_sandbox_builder_allow_degraded`, `sandlock_sandbox_builder_disable`, `sandlock_protection_min_abi`), so the binding is mechanical: a `Protection` type mirroring the discriminants, `AllowDegraded` / `Disable []Protection` fields wired into `buildPolicy`, a `ProtectionMinABI` helper, and a doc tweak.
I wired this for our own use and it's working — `go vet` clean, and I validated the end-to-end degrade path on real low-ABI kernels (a fully-degradable policy builds and confines on Landlock ABI v1 and v5, where the default strict policy fails to build). Happy to open it as a PR for your review, or hand you the patch / leave it entirely to you — the Go SDK is your call. Let me know which you'd prefer.