LandJail
landjail Jail Type
> [!NOTE] > Agent Firewall requires the AI Governance Add-On. > As of Coder v2.32, deployments without the add-on will not be able to > access Agent Firewall.
landjail is Agent Firewall's alternative jail type that uses Landlock V4 for network isolation.
Overview
Agent Firewall uses Landlock V4 to enforce network restrictions:
- All
bindsyscalls are forbidden - All
connectsyscalls are forbidden except to the port that is used by http proxy
This provides network isolation without requiring network namespace capabilities or special Docker permissions.