Lind executes untrusted POSIX applications as isolated cages inside a single unprivileged host process — no kernel modifications, no elevated privileges — while keeping the isolation mechanism pluggable and the system-call policy layer uniform.
Sandboxes usually entangle two concerns: how an application is confined, and how its system calls are mediated. Lind separates them cleanly — so isolation technology can evolve without rewriting policy, and policy can be composed without touching the isolation substrate.
Each application runs as an isolated execution context with its own memory, control flow, and POSIX-like semantics — all inside one unprivileged host process.
The Intercage Interposition Interface routes every system call, delegating each to the trusted runtime or to user-space policy handlers. Programmable, uniform across backends.
User-space policy handlers that interpose on system calls — filter, transform, or service them entirely in user space, composable per workload.
A minimal trusted POSIX runtime that services the calls the policy layer chooses to pass through — keeping the trusted computing base small.
The isolation substrate is deliberately swappable. WebAssembly software fault isolation (via Wasmtime) is the first fully realized backend; hardware-assisted mechanisms such as Intel MPK and kernel backends are targeted next — each offering different performance and trust trade-offs, under the same mediation layer.
Most C/POSIX programs — and increasingly Rust programs — can be recompiled and sandboxed without source-level changes. A full LAMP stack (NGINX, PostgreSQL, Python) already runs as cages today.
lind-wasm is the mature, fully realized backend today — with end-to-end tests, benchmarks, dev containers, and public documentation.
The WebAssembly backend, built on a modified Wasmtime and glibc. Runs a full LAMP stack as isolated cages, with parts of the stack already mediated by grates. Ships with dev containers, an end-to-end test suite, benchmarks, and docs.
Example user-space policy handlers showing how grates interpose on and service system calls.
github.com/Lind-Project/lind-wasm-example-grates → ApplicationsReal-world POSIX applications ported to run as Lind cages — the compatibility test bed.
github.com/Lind-Project/lind-wasm-apps →The roadmap advances along two axes — new isolation backends, and deeper grate-based mediation — with project maturity (governance, releases, audits) developing alongside.
Lind is developed openly by a community of researchers and contributors. Join the conversation, come to a meeting, or open your first pull request.
We meet once a month to discuss roadmap progress, design questions, and contributions. Everyone is welcome — add it to your calendar.
Questions, ideas, or just curious? Find us in the #lind channel of the Secure Systems Lab Slack.
Issues, discussions, and pull requests all happen in the open. Contributing guides and good first issues live in the repos.
Explore the repolind-wasm is ready to explore today — documentation, dev containers, and a test suite to get you from clone to running cages.