The nono Python SDK provides OS-enforced sandboxing using Landlock (Linux) and Seatbelt (macOS). Once a sandbox is applied, unauthorized operations are structurally impossible.

Features

OS-Enforced Security

Sandboxing is enforced at the kernel level, not the application level, so it cannot be bypassed by the sandboxed process.

Capability-Based

Explicitly grant access to files, directories, and network. Everything else is denied by default.

Cross-Platform

Works on Linux (Landlock) and macOS (Seatbelt) with a unified API.

Type-Safe

Full type stubs for IDE autocompletion and static type checking with mypy.

Quick Example

from nono_py import CapabilitySet, AccessMode, apply, is_supported

# Check platform support
if not is_supported():
    print("Sandboxing not supported on this platform")
    exit(1)

# Build capability set
caps = CapabilitySet()
caps.allow_path("/tmp", AccessMode.READ_WRITE)
caps.allow_file("/etc/hosts", AccessMode.READ)
caps.block_network()

# Apply sandbox (irreversible!)
apply(caps)

# Process is now sandboxed
# - Can read/write in /tmp
# - Can read /etc/hosts
# - Cannot access network
# - Cannot access any other files
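Because apply() cannot be undone, a common pattern is to fork a worker, apply the sandbox only in the child, and have the parent confirm from the child's report that a path outside the capability set is actually refused. The following is an added example, not code from the nono documentation or SDK: it uses only the API shown above, the probe/report plumbing and the sample files are constructed for illustration, and the ImportError fallback simply treats a missing SDK as an unsupported platform.

```python
import json
import os
import tempfile
from pathlib import Path
try:
    from nono_py import CapabilitySet, AccessMode, apply, is_supported
except ImportError:  # SDK not installed: behave exactly like an unsupported platform
    def is_supported():
        return False

def _child_probe(workdir, denied_file, write_fd):
    """Runs only in the forked child: sandbox first, then probe, then report."""
    sandboxed = is_supported()
    if sandboxed:
        caps = CapabilitySet()
        caps.allow_path(workdir, AccessMode.READ_WRITE)  # the job's own directory only
        caps.block_network()
        apply(caps)  # irreversible: nothing after this line can widen access
    report = {"sandboxed": sandboxed}
    for name, path in {"allowed": os.path.join(workdir, "data.txt"), "denied": denied_file}.items():
        try:
            open(path, "rb").close()
            report[name] = "ok"
        except PermissionError:  # the outcome a correctly applied sandbox must give for "denied"
            report[name] = "denied"
    os.write(write_fd, json.dumps(report).encode())
    os._exit(0)

def run_probe(workdir, denied_file):
    """Fork, sandbox only the child, collect its report; the parent never calls apply()."""
    read_fd, write_fd = os.pipe()
    pid = os.fork()
    if pid == 0:
        os.close(read_fd)
        _child_probe(workdir, denied_file, write_fd)  # never returns
    os.close(write_fd)
    with os.fdopen(read_fd, "rb") as fh:
        payload = fh.read()
    _, status = os.waitpid(pid, 0)
    report = json.loads(payload) if payload else {"error": "child produced no report"}
    report["exit_ok"] = os.WIFEXITED(status) and os.WEXITSTATUS(status) == 0
    return report

def demo():
    """Constructed sample input: one directory the job may use, one file it must not read."""
    workdir, other = tempfile.mkdtemp(), tempfile.mkdtemp()
    Path(workdir, "data.txt").write_text("job input\n")
    denied_file = Path(other, "secret.txt")
    denied_file.write_text("must stay unreadable\n")
    return run_probe(workdir, str(denied_file))
```

On a host where is_supported() is true, a report of "ok" for the denied path means the sandbox did not take effect and the job should not be trusted to proceed.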

When to Use

The Python SDK is ideal for:
  • AI Agents: Sandbox untrusted code execution from LLM-generated scripts
  • Plugin Systems: Isolate third-party plugins from your main application
  • Data Processing: Limit file access when processing untrusted data
  • Testing: Ensure tests don’t accidentally modify system files

Platform Support

Platform   Backend    Requirements
Linux      Landlock   Kernel 5.13+ with Landlock enabled
macOS      Seatbelt   macOS 10.5+
Windows    -          Not supported
Use is_supported() to check if sandboxing is available at runtime.

Next Steps