Fast, kernel-enforced application sandbox for macOS and Linux. Default-deny TOML profiles, Seatbelt + Landlock + seccomp + namespaces under the hood. Pasta/slirp4netns auto-plumbed network with per-IP nftables.
macos linux rust cli security ipc sandbox sandboxing seccomp isolation cage seatbelt privilege-separation devsecops container-security defense-in-depth supply-chain-security landlock appsandbox
Updated May 2, 2026 - Rust