Skip to main content
The nono Python SDK provides OS-enforced sandboxing using Landlock (Linux) and Seatbelt (macOS). Once a sandbox is applied, unauthorized operations are structurally impossible.

Features

OS-Enforced Security

Sandboxing enforced at the kernel level, not application level. Cannot be bypassed by the sandboxed process.

Capability-Based

Explicitly grant access to files, directories, and network. Everything else is denied by default.

Cross-Platform

Works on Linux (Landlock) and macOS (Seatbelt) with a unified API.

Type-Safe

Full type stubs for IDE autocompletion and static type checking with mypy.

Quick Example

from nono_py import CapabilitySet, AccessMode, apply, is_supported

# Check platform support
if not is_supported():
    print("Sandboxing not supported on this platform")
    exit(1)

# Build capability set
caps = CapabilitySet()
caps.allow_path("/tmp", AccessMode.READ_WRITE)
caps.allow_file("/etc/hosts", AccessMode.READ)
caps.block_network()

# Apply sandbox (irreversible!)
apply(caps)

# Process is now sandboxed
# - Can read/write in /tmp
# - Can read /etc/hosts
# - Cannot access network
# - Cannot access any other files

When to Use

The Python SDK is ideal for:
  • AI Agents: Sandbox untrusted code execution from LLM-generated scripts
  • Plugin Systems: Isolate third-party plugins from your main application
  • Data Processing: Limit file access when processing untrusted data
  • Testing: Ensure tests don’t accidentally modify system files

Platform Support

PlatformBackendRequirements
LinuxLandlockKernel 5.13+ with Landlock enabled
macOSSeatbeltmacOS 10.5+
Windows-Not supported
Use is_supported() to check if sandboxing is available at runtime.

Next Steps

Installation

Install the SDK with pip or from source

Quickstart

Build your first sandboxed application

API Reference

Explore the full API documentation

Examples

See real-world usage patterns