Neovim sandboxing help #51

tpaau · 2026-02-10T13:25:45Z

tpaau
Feb 10, 2026

I'm having a hard time trying to mitigate possible sandbox escapes for my Neovim sandbox.

I want to deny access to ~/.config/nvim/nvim-sandboxed.fish, and the landrun binary.

This is the command I ended up using:

function nvim --description "Neovim (sandboxed)"
	landrun \
		--env COLORTERM \
		--env HOME \
		--env LD_PRELOAD \
		--env PATH \
		--env TERM \
		--env USER \
		--env XDG_RUNTIME_DIR \
		--env WAYLAND_DISPLAY \
		--ro ~/.config/nvim/nvim-sandboxed.fish \
		--ro /etc \
		--ro ~/.gitconfig \
		--rox /usr \
		--rox "$(which landrun)" \
		--add-exec \
		--rw /dev \
		--rw /tmp \
		--rw ~/.config/nvim \
		--rw ~/.cache/nvim \
		--rw ~/.local/state/nvim \
		--rw "$(git rev-parse --show-toplevel 2>/dev/null || pwd)" \
		--rw "$XDG_RUNTIME_DIR" \
		--rwx ~/.local/share/nvim \
		--rwx ~/.cargo \
		--rwx ~/.rustup \
		nvim $argv
end

I can tell that the sandbox is working to an extent, because if I try to go to a parent directory with netrv, I don't see any entries, and I also can't update the Neovim plugins I installed.

As you can see, Neovim is given read-only access to both ~/.config/nvim/nvim-sandboxed.fish (which is the sandboxing script) and the landrun binary:

# ...
--ro ~/.config/nvim/nvim-sandboxed.fish \
# ...
--rox "$(which landrun)" \
# ...

But despite that, I can still write to all files in the directory Neovim was launched in, including the landrun binary and the sandboxing script.

Here are the logs that I get when I start Neovim with the --log-level debug argument passed to landrun:

~/.config/nvim (main) > nvim nvim-sandboxed.fish
[landrun:debug] 2026/02/10 14:17:05 Added executable path: /usr/bin/nvim
[landrun] 2026/02/10 14:17:05 Sandbox config: {ReadOnlyPaths:[/home/mikolaj/.config/nvim/nvim-sandboxed.fish /etc /home/mikolaj/.gitconfig /usr /home/mikolaj/.local/bin/landrun] ReadWritePaths:[/dev /tmp /home/mikolaj/.config/nvim /home/mikolaj/.cache/nvim /home/mikolaj/.local/state/nvim /var/home/mikolaj/.config/nvim /run/user/1000 /home/mikolaj/.local/share/nvim /home/mikolaj/.cargo /home/mikolaj/.rustup] ReadOnlyExecutablePaths:[/usr /home/mikolaj/.local/bin/landrun /usr/bin/nvim] ReadWriteExecutablePaths:[/home/mikolaj/.local/share/nvim /home/mikolaj/.cargo /home/mikolaj/.rustup] BindTCPPorts:[] ConnectTCPPorts:[] BestEffort:false UnrestrictedFilesystem:false UnrestrictedNetwork:false}
[landrun:debug] 2026/02/10 14:17:05 Adding read-only executable path: /usr
[landrun:debug] 2026/02/10 14:17:05 Adding read-only executable path: /home/mikolaj/.local/bin/landrun
[landrun:debug] 2026/02/10 14:17:05 Adding read-only executable path: /usr/bin/nvim
[landrun:debug] 2026/02/10 14:17:05 Adding read-write executable path: /home/mikolaj/.local/share/nvim
[landrun:debug] 2026/02/10 14:17:05 Adding read-write executable path: /home/mikolaj/.cargo
[landrun:debug] 2026/02/10 14:17:05 Adding read-write executable path: /home/mikolaj/.rustup
[landrun:debug] 2026/02/10 14:17:05 Adding read-only path: /home/mikolaj/.config/nvim/nvim-sandboxed.fish
[landrun:debug] 2026/02/10 14:17:05 Adding read-only path: /etc
[landrun:debug] 2026/02/10 14:17:05 Adding read-only path: /home/mikolaj/.gitconfig
[landrun:debug] 2026/02/10 14:17:05 Adding read-only path: /usr
[landrun:debug] 2026/02/10 14:17:05 Adding read-only path: /home/mikolaj/.local/bin/landrun
[landrun:debug] 2026/02/10 14:17:05 Adding read-write path: /dev
[landrun:debug] 2026/02/10 14:17:05 Adding read-write path: /tmp
[landrun:debug] 2026/02/10 14:17:05 Adding read-write path: /home/mikolaj/.config/nvim
[landrun:debug] 2026/02/10 14:17:05 Adding read-write path: /home/mikolaj/.cache/nvim
[landrun:debug] 2026/02/10 14:17:05 Adding read-write path: /home/mikolaj/.local/state/nvim
[landrun:debug] 2026/02/10 14:17:05 Adding read-write path: /var/home/mikolaj/.config/nvim
[landrun:debug] 2026/02/10 14:17:05 Adding read-write path: /run/user/1000
[landrun:debug] 2026/02/10 14:17:05 Adding read-write path: /home/mikolaj/.local/share/nvim
[landrun:debug] 2026/02/10 14:17:05 Adding read-write path: /home/mikolaj/.cargo
[landrun:debug] 2026/02/10 14:17:05 Adding read-write path: /home/mikolaj/.rustup
[landrun:debug] 2026/02/10 14:17:05 Applying Landlock restrictions
[landrun] 2026/02/10 14:17:05 Landlock restrictions applied successfully
[landrun] 2026/02/10 14:17:05 Executing: [nvim nvim-sandboxed.fish]
~/.config/nvim (main) >

I'm really confused as to what is happening here.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Neovim sandboxing help #51

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Replies: 0 comments

Select a reply

Uh oh!

Neovim sandboxing help #51

Uh oh!

Uh oh!

tpaau Feb 10, 2026

Replies: 0 comments

tpaau
Feb 10, 2026