Replace namespaces+cgroups with Landlock+BPF LSM+prlimit

Signed-off-by: Cong Wang <cwang@multikernel.io>

Author: congwang-mk

.gitignore

@@ -8,3 +8,6 @@ build/
 *.so
 .pytest_cache/
 .mypy_cache/
+
+# Generated BPF headers (regenerate via: make -C src/branching/process/bpf vmlinux.h)
+src/branching/process/bpf/vmlinux.h

README.md

@@ -359,7 +359,8 @@ with ws.branch("strategy_a") as a:
 ### Process isolation
 
 For untrusted or crash-prone agent code, `BranchContext` runs each task in
-a sandboxed child process with its own filesystem view. No root needed.
+a sandboxed child process confined to its own branch via Landlock. No root
+needed.
 
 ```python
 from branching import BranchContext
@@ -392,14 +393,14 @@ outcome = Speculate(candidates, isolate_processes=True, timeout=60)(ws)
 
 ### Resource limits
 
-Constrain per-branch memory and CPU via cgroup v2. Passing
+Constrain per-branch memory and CPU via setrlimit(2). Passing
 `resource_limits` to any pattern automatically enables process isolation -
-each branch runs in a forked child with cgroup enforcement.
+each branch runs in a forked child with limits enforced.
 
 ```python
 from branching import ResourceLimits, BestOfN
 
-limits = ResourceLimits(memory=512 * 1024 * 1024, cpu=0.5)  # 512 MB, 50% CPU
+limits = ResourceLimits(memory=512 * 1024 * 1024, cpu_time=30)  # 512 MB, 30s CPU
 
 outcome = BestOfN(candidates, resource_limits=limits)(ws)
 ```
@@ -495,13 +496,20 @@ first-winner-commit semantics.
 
 You just create a `Workspace` pointed at a mounted BranchFS path.
 
-Process isolation (`BranchContext`) uses unprivileged Linux user namespaces
-to give each child its own filesystem view. No root required - works on any
-Linux distribution with `unprivileged_userns_clone=1` (the default).
-
-Resource limits (`ResourceLimits`) use cgroup v2 to enforce per-branch
-memory and CPU constraints. Each branch gets its own cgroup scope with
-limits applied before the child process starts. Requires cgroup v2 with
-the memory and cpu controllers enabled (the default on modern systemd
-distributions).
+Process isolation (`BranchContext`) uses fork + Landlock LSM + BPF LSM to
+sandbox each child process. No namespaces, no cgroups, no root required:
+
+- **Landlock LSM** (Linux 5.13+) confines each child to its own branch.
+  The child can read the filesystem outside the workspace but can only write
+  under its branch path. Sibling branches and the mount root are denied.
+  `LANDLOCK_ACCESS_FS_REFER` is included in the handled set so that
+  rename/link across the branch boundary is blocked.
+- **BPF LSM** provides inescapable process tracking. All descendants of a
+  branched process inherit the branch ID, enabling atomic teardown of an
+  entire branch's process tree. Requires `CONFIG_BPF_LSM=y` and
+  `lsm=...,bpf,...` in the kernel command line.
+- **setrlimit(2)** enforces per-branch resource limits (memory via
+  `RLIMIT_AS`, CPU time via `RLIMIT_CPU`, process count via `RLIMIT_NPROC`).
+  Lightweight alternative to cgroups -- no cgroupfs infrastructure needed,
+  limits are inherited by children on fork.
 

pyproject.toml

@@ -26,5 +26,8 @@ branching = "cli:main"
 [tool.setuptools.packages.find]
 where = ["src"]
 
+[tool.setuptools.package-data]
+"branching.process.bpf" = ["*.bpf.o"]
+
 [tool.pytest.ini_options]
 testpaths = ["tests"]

src/branching/__init__.py

@@ -3,8 +3,8 @@
 BranchContext - Unified branching for speculative execution.
 
 Supports filesystem branching (BranchFS FUSE), process branching
-(fork + namespaces), and AI agent integration patterns (speculation,
-best-of-N, reflexion, tree-of-thoughts).
+(fork + Landlock + BPF LSM), and AI agent integration patterns
+(speculation, best-of-N, reflexion, tree-of-thoughts).
 
 Layers are loaded lazily — importing only what you need avoids pulling
 in unrelated dependencies:
@@ -35,7 +35,6 @@
     MountError,
     ProcessBranchError,
     ForkError,
-    NamespaceError,
     MemoryBranchError,
 )
 
@@ -68,7 +67,6 @@
     "MountError",
     "ProcessBranchError",
     "ForkError",
-    "NamespaceError",
     "MemoryBranchError",
 ]