mirror of
https://github.com/comfyanonymous/ComfyUI.git
synced 2025-12-19 19:13:02 +08:00
Implements Linux Landlock sandboxing to restrict filesystem access when ComfyUI is running. This provides defense-in-depth against malicious custom nodes or workflows that attempt to access sensitive files.

How it works:
- Uses Linux Landlock LSM (kernel 5.13+) via direct syscalls
- Restricts write access to specific directories (output, input, temp, user)
- Restricts read access to only what's needed (codebase, models, system libs)
- Handles ABI versions 1-5, including IOCTL_DEV for GPU access on v5+
- Exits with error if --enable-landlock is set but Landlock unavailable

Write access granted to:
- ComfyUI output, input, temp, and user directories
- System temp directory (for torch/backends)
- SQLite database directory (if configured)
- Paths specified via --landlock-allow-writable

Read access granted to:
- ComfyUI codebase directory
- All configured model directories (including extra_model_paths.yaml)
- Python installation and site-packages
- System libraries (/usr, /lib, /lib64, /opt, /etc, /proc, /sys)
- /nix (on NixOS systems)
- /dev (with ioctl for GPU access)
- Paths specified via --landlock-allow-readable

Usage:

    python main.py --enable-landlock
    python main.py --enable-landlock --landlock-allow-writable /extra/dir
    python main.py --enable-landlock --landlock-allow-readable ~/.cache/huggingface

Requirements:
- Linux with kernel 5.13+ (fails with error on unsupported systems)
- Once enabled, restrictions cannot be lifted for the process lifetime
- Network access is not restricted (Landlock FS only)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

| | | |
|---|---|---|
| __init__.py | ||
| extra_config.py | ||
| install_util.py | ||
| json_util.py | ||
| landlock.py | ||