In this presentation, I will introduce Syd, a GPL-3 licensed application kernel designed for sandboxing applications on Linux systems. Over the past 16 years, Syd has evolved into a robust security boundary for applications, utilizing modern Linux APIs to eliminate vulnerabilities. Unlike other sandboxing tools, Syd operates without requiring extra privileges or privileged kernel context, aiming to provide a simple interface over complex Linux sandboxing mechanisms. Syd’s key features include path sandboxing, execution control, network sandboxing, and advanced features such as lock sandboxing and proxy sandboxing. Attendees will learn about Syd’s design and implementation, its practical applications, and integration into various environments.
https://fosdem.org/2025/schedule/event/fosdem-2025-4176-syd-an-introduction-to-secure-application-sandboxing-for-linux/