+++
date = "2025-08-22T17:38:41+00:00"
lastmod = "2025-08-22T17:38:41+00:00"
tags = [ "linux", "clips" ]
+++

Sandboxing in [systemd](https://wiki.archlinux.org/title/Systemd/Sandboxing)? I would've shown my (somewhat manual) method, but then I was strolling through GitHub and saw [shh](https://github.com/synacktiv/shh?tab=readme-ov-file#shh-systemd-hardening-helper) (systemd hardening helper). It uses [strace](https://linux.die.net/man/1/strace) to generate suggestions.

You'll need to be extremely careful; playing inside a sandbox summons debugging hell. I tried it briefly.

{{< video remote=true preload="none" caption="Plug it into whatever wild abstraction. Happy sandboxing." source="https://res.cloudinary.com/dpszgzqjb/video/upload/v1755883765/systemd-hardening.mp4" poster="https://res.cloudinary.com/dpszgzqjb/image/upload/v1755883764/systemd-hardening-poster.png" >}}