Landlock-Sharp

API overview

The whole binding is one class — Sandbox.Landlock — with four public methods and three enums. This page is a one-page reference; the guides drill into each method with worked examples.

For the corresponding kernel API, see landlock(7).


Static entry points

| Member | Purpose | Kernel call |
|---|---|---|
| bool Landlock.IsSupported() | OS + arch + ABI ≥ 1 runtime check. | landlock_create_ruleset (version query) |
| int Landlock.GetAbiVersion() | The supported ABI version (≥ 1) or negative when unsupported. | landlock_create_ruleset (version query) |
| Landlock Landlock.CreateRuleset(...) | Build a ruleset declaring which rights it handles. | landlock_create_ruleset |

CreateRuleset has three overloads to match the three resource categories:

// Filesystem only
Landlock.CreateRuleset(params Landlock.FileSystem[] fileSystem);

// Network only
Landlock.CreateRuleset(params Landlock.Network[] network);

// Filesystem + network + scopes
Landlock.CreateRuleset(
    Landlock.FileSystem[] fileSystem,
    Landlock.Network[]    network,
    Landlock.Scope[]      scope = null);

Pass null to a category to leave it untouched by the sandbox. See landlock(7) for what each handled-access bitmap means.


Instance methods

| Member | Purpose | Kernel call |
|---|---|---|
| Landlock AddPathBeneathRule(string parentPath, params FileSystem[] allowedActions) | Re-grant access for a directory tree. Returns this for chaining. | landlock_add_rule(..., PATH_BENEATH, ...) |
| Landlock AddPortRule(int port, params Network[] allowedActions) | Re-grant access for a TCP port. Returns this for chaining. | landlock_add_rule(..., NET_PORT, ...) |
| void Enforce(bool disableDenyLogging = false, bool enableChildDenyLogging = false, bool disabledNestedDomainsLogging = false) | Apply the ruleset to the current thread. Irrevocable. | prctl(PR_SET_NO_NEW_PRIVS) + landlock_restrict_self |

After Enforce(), any further AddPathBeneathRule / AddPortRule throws.
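The build-rules-enforce sequence above, as an added example that is not code from Landlock-Sharp itself. It uses only the members listed on this page (IsSupported, GetAbiVersion, CreateRuleset, AddPathBeneathRule, AddPortRule, Enforce); the directory paths, the port number and the class name ConfinedWorker are constructed for illustration.

```csharp
using System;
using System.IO;
using Sandbox;

// Added example, not code from Landlock-Sharp. Paths and port are constructed for illustration.
static class ConfinedWorker
{
    // Builds and enforces a least-privilege sandbox for a worker that reads its config, appends
    // to its data directory and talks to one TCP port. Returns false if the kernel has no Landlock.
    public static bool TryConfine(string configDir, string dataDir, int remotePort)
    {
        if (!Landlock.IsSupported())
            return false;

        // Declare what the ruleset governs: everything declared here is denied by default until a
        // rule re-grants it. CORE covers every filesystem right the running kernel knows except
        // IOCTL_DEV; the TCP rights exist only from ABI 4, so an older kernel gets a
        // filesystem-only ruleset (null leaves the network category untouched).
        Landlock.FileSystem[] fs = { Landlock.FileSystem.CORE };
        Landlock.Network[] net = Landlock.GetAbiVersion() >= 4
            ? new[] { Landlock.Network.CONNECT_TCP, Landlock.Network.BIND_TCP }
            : null;
        Landlock ruleset = Landlock.CreateRuleset(fs, net);

        // Re-grant, per directory tree, exactly the rights the worker needs; both Add* methods
        // return the instance, so the rules chain. TRUNCATE is deliberately not granted, so the
        // worker appends (O_APPEND) instead of rewriting files: on ABI 3+ kernels an O_TRUNC
        // open inside dataDir would otherwise be denied.
        ruleset
            .AddPathBeneathRule(configDir,
                Landlock.FileSystem.READ_FILE, Landlock.FileSystem.READ_DIR)
            .AddPathBeneathRule(dataDir,
                Landlock.FileSystem.READ_FILE, Landlock.FileSystem.READ_DIR,
                Landlock.FileSystem.WRITE_FILE, Landlock.FileSystem.MAKE_REG,
                Landlock.FileSystem.REMOVE_FILE);

        if (net != null)
            ruleset.AddPortRule(remotePort, Landlock.Network.CONNECT_TCP);

        // Irrevocable: applies to this thread and everything it spawns from now on.
        ruleset.Enforce();
        return true;
    }

    // Post-enforcement probe: a write outside the granted trees must fail with the .NET
    // exception that wraps EACCES. Returns true when the sandbox denied it.
    public static bool IsDenied(string outsidePath)
    {
        try
        {
            File.WriteAllText(outsidePath, "must not reach the disk");
            return false;
        }
        catch (UnauthorizedAccessException)
        {
            return true;
        }
    }

    static void Main()
    {
        const string dataDir = "/var/lib/worker";
        if (!TryConfine("/etc/worker", dataDir, 443))
        {
            Console.Error.WriteLine("Landlock unavailable; refusing to run unconfined");
            Environment.Exit(1);
        }
        File.AppendAllText(Path.Combine(dataDir, "events.log"), "confined\n"); // inside dataDir: allowed
        Console.WriteLine("write to /tmp/probe denied: " + IsDenied("/tmp/probe"));
    }
}
```

The point of the probe is that a sandbox is only as good as its verification: after Enforce() the denial shows up as an ordinary UnauthorizedAccessException, so an integration test can assert on it the same way it asserts on any other I/O failure.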


Enums

Landlock.FileSystem

Filesystem access rights. Each value maps to a LANDLOCK_ACCESS_FS_* flag in the kernel header. The right-most column is the minimum ABI version that defines the flag — see ABI versions.

| C# value | Kernel constant | Min ABI |
|---|---|---|
| CORE | (convenience: expands to every filesystem right available on the current kernel except IOCTL_DEV) | 1 |
| EXECUTE | LANDLOCK_ACCESS_FS_EXECUTE | 1 |
| WRITE_FILE | LANDLOCK_ACCESS_FS_WRITE_FILE | 1 |
| READ_FILE | LANDLOCK_ACCESS_FS_READ_FILE | 1 |
| READ_DIR | LANDLOCK_ACCESS_FS_READ_DIR | 1 |
| REMOVE_DIR | LANDLOCK_ACCESS_FS_REMOVE_DIR | 1 |
| REMOVE_FILE | LANDLOCK_ACCESS_FS_REMOVE_FILE | 1 |
| MAKE_CHAR | LANDLOCK_ACCESS_FS_MAKE_CHAR | 1 |
| MAKE_DIR | LANDLOCK_ACCESS_FS_MAKE_DIR | 1 |
| MAKE_REG | LANDLOCK_ACCESS_FS_MAKE_REG | 1 |
| MAKE_SOCK | LANDLOCK_ACCESS_FS_MAKE_SOCK | 1 |
| MAKE_FIFO | LANDLOCK_ACCESS_FS_MAKE_FIFO | 1 |
| MAKE_BLOCK | LANDLOCK_ACCESS_FS_MAKE_BLOCK | 1 |
| MAKE_SYM | LANDLOCK_ACCESS_FS_MAKE_SYM | 1 |
| REFER | LANDLOCK_ACCESS_FS_REFER | 2 |
| TRUNCATE | LANDLOCK_ACCESS_FS_TRUNCATE | 3 |
| IOCTL_DEV | LANDLOCK_ACCESS_FS_IOCTL_DEV | 5 |

For the semantics of each right (what counts as EXECUTE vs READ_FILE, why REMOVE_DIR is separate from REMOVE_FILE, etc.), see the "Filesystem flags" section of landlock(7).

Landlock.Network

TCP network access rights. Available from ABI 4 (kernel 6.7+).

| C# value | Kernel constant | Min ABI |
|---|---|---|
| BIND_TCP | LANDLOCK_ACCESS_NET_BIND_TCP | 4 |
| CONNECT_TCP | LANDLOCK_ACCESS_NET_CONNECT_TCP | 4 |

UDP and raw sockets are intentionally outside Landlock's scope — see the upstream kernel doc on network restrictions.

Landlock.Scope

IPC isolation flags. Available from ABI 6 (kernel 6.12+).

| C# value | Kernel constant | Min ABI |
|---|---|---|
| ABSTRACT_UNIX_SOCKET | LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET | 6 |
| SIGNAL | LANDLOCK_SCOPE_SIGNAL | 6 |

See "Scope flags" in landlock(7) for the precise semantics.
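Because every flag in the three tables above carries a minimum ABI, a ruleset that is meant to run on more than one kernel has to be assembled from GetAbiVersion() rather than from a fixed flag list. The helper below is an added example, not code from Landlock-Sharp; it assumes the overloads and enums on this page and that a flag the running kernel does not define is rejected with EINVAL (as the Exceptions section says for CreateRuleset), which is why each category is gated. The class name AbiAwareRuleset and the scratch path are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using Sandbox;

// Added example, not code from Landlock-Sharp. Assumes flags unknown to the kernel are rejected.
static class AbiAwareRuleset
{
    // Builds the widest ruleset the running kernel can handle: every filesystem right, TCP rights
    // on ABI 4+, IPC scopes on ABI 6+. A category the kernel cannot handle is passed as null,
    // which leaves it untouched instead of making CreateRuleset fail.
    public static Landlock Build(out int abi)
    {
        abi = Landlock.GetAbiVersion();
        if (abi < 1)
            throw new PlatformNotSupportedException("Landlock is not available on this kernel");

        // CORE already expands to every filesystem right the kernel knows except IOCTL_DEV,
        // so IOCTL_DEV (ABI 5) is the only filesystem flag that needs explicit gating here.
        var fs = new List<Landlock.FileSystem> { Landlock.FileSystem.CORE };
        if (abi >= 5)
            fs.Add(Landlock.FileSystem.IOCTL_DEV);

        Landlock.Network[] net = abi >= 4
            ? new[] { Landlock.Network.BIND_TCP, Landlock.Network.CONNECT_TCP }
            : null;

        Landlock.Scope[] scope = abi >= 6
            ? new[] { Landlock.Scope.ABSTRACT_UNIX_SOCKET, Landlock.Scope.SIGNAL }
            : null;

        return Landlock.CreateRuleset(fs.ToArray(), net, scope);
    }

    // The per-directory grant follows the same rule: a right can only be granted when the kernel
    // defines it, so TRUNCATE (ABI 3) joins the "writer" set only on kernels that have it.
    public static Landlock.FileSystem[] WriterRights(int abi)
    {
        var rights = new List<Landlock.FileSystem>
        {
            Landlock.FileSystem.READ_FILE, Landlock.FileSystem.READ_DIR,
            Landlock.FileSystem.WRITE_FILE, Landlock.FileSystem.MAKE_REG,
            Landlock.FileSystem.MAKE_DIR, Landlock.FileSystem.REMOVE_FILE,
            Landlock.FileSystem.REMOVE_DIR,
        };
        if (abi >= 3)
            rights.Add(Landlock.FileSystem.TRUNCATE);
        return rights.ToArray();
    }

    static void Main()
    {
        Landlock ruleset = Build(out int abi);
        Console.WriteLine($"ruleset created against Landlock ABI {abi}");
        ruleset.AddPathBeneathRule("/var/tmp/scratch", WriterRights(abi)).Enforce();
    }
}
```

Gating the handled set this way has a security consequence worth stating: on an old kernel the network and scope categories are simply not sandboxed, so a deployment that relies on them should check the returned abi and refuse to start rather than silently run with weaker confinement.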


Lifecycle

stateDiagram-v2
    [*] --> Building : Landlock.CreateRuleset(...)
    Building --> Building : AddPathBeneathRule()/AddPortRule()
    Building --> Enforced : Enforce()
    Enforced --> [*]
    note right of Building
        File descriptor for the ruleset is open; rules can be added.
    end note
    note right of Enforced
        Ruleset fd is closed. Restriction is permanent for this thread and its descendants.
    end note

  • You can hold a Landlock instance across multiple AddPathBeneathRule calls without enforcing.
  • You can throw the instance away (or let GC collect it) without enforcing — the kernel ruleset is just a file descriptor and is released when its handle goes out of scope.
  • Enforce() is idempotent on the same instance — calling it a second time is a no-op. But calling Enforce() on a different instance will layer additional restrictions on top of the existing sandbox.

For the kernel-side definition of the domain hierarchy, see the landlock(7) "Layered ruleset" discussion.
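The three lifecycle bullets above, shown together in an added example that is not code from Landlock-Sharp: one instance enforced once for the whole process, a second instance enforced on a worker thread to stack a narrower layer, and an instance that is built, probed and discarded without ever being enforced. It assumes the API on this page; the class name LayeredSandbox and the directory paths are constructed for illustration.

```csharp
using System;
using System.ComponentModel;
using System.Threading;
using Sandbox;

// Added example, not code from Landlock-Sharp. Paths are constructed for illustration.
static class LayeredSandbox
{
    // Layer 1, applied once at startup on the main thread: the process may read and execute its
    // install tree and write its state directory. Anything not re-granted here is gone for good.
    public static Landlock ApplyProcessLayer(string installDir, string stateDir)
    {
        var baseline = Landlock.CreateRuleset(Landlock.FileSystem.CORE)
            .AddPathBeneathRule(installDir,
                Landlock.FileSystem.READ_FILE, Landlock.FileSystem.READ_DIR,
                Landlock.FileSystem.EXECUTE)
            .AddPathBeneathRule(stateDir,
                Landlock.FileSystem.READ_FILE, Landlock.FileSystem.READ_DIR,
                Landlock.FileSystem.WRITE_FILE, Landlock.FileSystem.MAKE_REG);
        baseline.Enforce();   // a second Enforce() on this same instance would be a no-op
        return baseline;      // further AddPathBeneathRule calls on it now throw
    }

    // Layer 2, applied on a worker thread before it handles untrusted input. This is a different
    // instance, so Enforce() stacks a new domain on top of layer 1 for the calling thread only.
    // A layer can only remove rights: stateDir stays readable because both layers allow it,
    // writing stateDir and reading installDir are gone because this layer does not grant them.
    public static void ApplyWorkerLayer(string stateDir)
    {
        Landlock.CreateRuleset(Landlock.FileSystem.CORE)
            .AddPathBeneathRule(stateDir,
                Landlock.FileSystem.READ_FILE, Landlock.FileSystem.READ_DIR)
            .Enforce();
    }

    // A ruleset that is built but never enforced costs only a file descriptor, released with the
    // instance. That makes it a cheap way to validate rule targets (ENOENT on a missing
    // directory) at startup without committing the thread to anything.
    public static bool RulesResolve(params string[] dirs)
    {
        var probe = Landlock.CreateRuleset(Landlock.FileSystem.CORE);
        try
        {
            foreach (var dir in dirs)
                probe.AddPathBeneathRule(dir, Landlock.FileSystem.READ_DIR);
            return true;
        }
        catch (Win32Exception)
        {
            return false;
        }
        // probe goes out of scope unenforced; the kernel-side ruleset goes with it
    }

    static void Main()
    {
        if (!Landlock.IsSupported())
            return;
        const string installDir = "/opt/app", stateDir = "/var/lib/app";
        if (!RulesResolve(installDir, stateDir))
            throw new InvalidOperationException("sandbox directories missing");

        ApplyProcessLayer(installDir, stateDir);

        var worker = new Thread(() =>
        {
            ApplyWorkerLayer(stateDir);
            // From here this thread can read stateDir but not write it, and cannot touch installDir.
        });
        worker.Start();
        worker.Join();
        // The main thread still has layer 1 only: the worker's layer never applied to it.
    }
}
```

The ordering matters: the worker thread is created after layer 1 is enforced, so it inherits layer 1 and then adds its own. Starting the thread before ApplyProcessLayer would leave it with nothing but layer 2.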


Exceptions

The binding wraps errno-returning syscalls in System.ComponentModel.Win32Exception — the standard .NET pattern for libc errors on Linux. You'll mostly see:

| errno | Where | What it means |
|---|---|---|
| ENOSYS / EOPNOTSUPP | CreateRuleset | Landlock not built into the kernel. Guard with IsSupported(). |
| EINVAL | CreateRuleset | A handled-access flag was rejected by the kernel (typically: requested a flag your kernel doesn't know). |
| ENOENT | AddPathBeneathRule | The directory does not exist. |
| EACCES | Any filesystem syscall after Enforce | The sandbox blocked the access. Surfaces in .NET as UnauthorizedAccessException. |

See the per-syscall man pages — landlock_create_ruleset(2), landlock_add_rule(2), landlock_restrict_self(2) — for the full errno reference.
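Handling the errno table above in code, as an added example that is not from Landlock-Sharp. It assumes the Win32Exception thrown by the binding carries the Linux errno in NativeErrorCode (the standard .NET behaviour for libc errors on Linux, which the page's choice of exception type implies), and uses the asm-generic errno numbers. The class name LandlockErrors and the directory paths are constructed for illustration. The idea is to separate the three failure classes that call for different responses: no Landlock (a policy decision), a bad flag set (a bug that must surface), and a missing optional directory (tolerable).

```csharp
using System;
using System.ComponentModel;
using Sandbox;

// Added example, not code from Landlock-Sharp. Assumes NativeErrorCode holds the Linux errno.
static class LandlockErrors
{
    // Linux errno values (asm-generic numbering), so failures are classified by code, not by
    // matching exception message text.
    const int ENOENT = 2, EINVAL = 22, ENOSYS = 38, EOPNOTSUPP = 95;

    public enum Outcome { Created, NoLandlock, BadFlags }

    // Creates the ruleset and distinguishes "this kernel has no Landlock" from "our handled-access
    // set is wrong". Any other errno is unexpected and propagates unchanged.
    public static Outcome TryCreate(out Landlock ruleset, params Landlock.FileSystem[] handled)
    {
        ruleset = null;
        try
        {
            ruleset = Landlock.CreateRuleset(handled);
            return Outcome.Created;
        }
        catch (Win32Exception e) when (e.NativeErrorCode == ENOSYS || e.NativeErrorCode == EOPNOTSUPP)
        {
            return Outcome.NoLandlock;
        }
        catch (Win32Exception e) when (e.NativeErrorCode == EINVAL)
        {
            return Outcome.BadFlags;
        }
    }

    // Adds a rule for a directory that may legitimately be absent (an optional plugin tree, say).
    // ENOENT is tolerated and reported to the caller; every other error is real and propagates.
    public static bool AddOptionalDir(Landlock ruleset, string dir, params Landlock.FileSystem[] rights)
    {
        try
        {
            ruleset.AddPathBeneathRule(dir, rights);
            return true;
        }
        catch (Win32Exception e) when (e.NativeErrorCode == ENOENT)
        {
            return false;
        }
    }

    static void Main()
    {
        switch (TryCreate(out Landlock ruleset, Landlock.FileSystem.CORE))
        {
            case Outcome.NoLandlock:
                Console.Error.WriteLine("no Landlock on this kernel; not starting");
                return;
            case Outcome.BadFlags:
                throw new InvalidOperationException("handled-access set rejected by the kernel");
        }

        bool plugins = AddOptionalDir(ruleset, "/opt/app/plugins",
            Landlock.FileSystem.READ_FILE, Landlock.FileSystem.READ_DIR, Landlock.FileSystem.EXECUTE);
        ruleset
            .AddPathBeneathRule("/opt/app", Landlock.FileSystem.READ_FILE, Landlock.FileSystem.READ_DIR)
            .Enforce();
        Console.WriteLine(plugins ? "plugin directory granted" : "plugin directory absent, skipped");
    }
}
```

Swallowing ENOENT is only safe for directories that are genuinely optional; for a directory the program must have, letting the exception propagate is the right behaviour, because a rule that silently failed to land is a sandbox that grants less than intended.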


Where next?

Filesystem rules

AddPathBeneathRule in depth — path semantics, allowed actions, multiple rules.

Network rules

TCP BIND and CONNECT allow-lists with AddPortRule.

Enforcing

Thread vs. process scope, child inheritance, layering rulesets, irrevocability.

© 2026 Landlock-Sharp. All rights reserved.