feat: add Landlock sandbox for sidecar process isolation

SandboxConfig with RW/RO paths applied via pre_exec() in sidecar child process. Requires kernel 6.2+ with graceful fallback. Per-project toggle in SettingsTab. 9 unit tests.
2026-03-12 04:57:29 +01:00 · 2026-03-12 04:57:29 +01:00 · b2c379516c
commit b2c379516c
parent 548478f115
8 changed files with 363 additions and 12 deletions
--- a/v2/bterminal-core/Cargo.toml
+++ b/v2/bterminal-core/Cargo.toml
@ -12,3 +12,4 @@ log = "0.4"
 portable-pty = "0.8"
 uuid = { version = "1", features = ["v4"] }
 dirs = "5"
+landlock = "0.4"