Lind is a single-process sandbox that provides an option to safely execute programs. Lind executes applications using software fault isolation and a kernel microvisor to limit the potential of reaching bugs or security flaws in the application.
In Old Norse, Old High German and Old English a “lind” is a shield constructed with two layers of linden wood. Linden wood shields are lightweight, and do not split easily, an appropriate metaphor for a sandboxing system which employs two technologies.
lind-wasm is a WebAssembly-focused extension of the Lind project. It integrates multiple components—both in-house and third-party—to enable execution of POSIX-like applications in WebAssembly runtimes, such as Wasmtime.
Check out the Getting started guide and docs on our website to learn more about Lind!
This monorepo combines various subprojects and dependencies that work together to support Lind's goals. Below is an overview of the major components:
| Component | Location | Description |
|---|---|---|
| fdtables | src/fdtables | Provides file descriptor table management, used to emulate POSIX semantics |
| RawPOSIX | src/RawPOSIX | Implementation of raw POSIX syscall wrappers used internally by Lind |
| sysdefs | src/sysdefs | Shared system call definitions and constants for cross-platform support |

| Project | Location | Description |
|---|---|---|
| glibc | third_party/glibc | Modified version of glibc to support WebAssembly and Lind interfaces |
| wasmtime | src/wasmtime | Embedded Wasmtime runtime for running and debugging Lind-Wasm modules |

| Tool | Location | Description |
|---|---|---|
| binaryen | tools/binaryen | Provides wasm-opt and other utilities used for optimizing wasm binaries |