Produkte Little Snitch Little Snitch Mini Micro Snitch LaunchBar Internet Access Policy Viewer Mehr Produkte Shop Support Blog

Download Little Snitch for Linux

We offer packages for four major 64-bit CPU architectures found in desktop and laptop computers today. For each architecture, we provide .deb (Debian, Ubuntu, Mint, Kali, …), .rpm (Fedora, RHEL, openSUSE, CentOS, …) and .pkg.tar.zst (Arch, Manjaro, CachyOS, EndeavourOS, …). Choose the right combination from the list below. For statically linked binaries scroll down.

Packages
littlesnitch-1.0.3-1-aarch64.pkg.tar.zst Download5.7 MB
littlesnitch-1.0.3-1-ppc64le.pkg.tar.zst Download6.2 MB
littlesnitch-1.0.3-1-riscv64.pkg.tar.zst Download5.6 MB
littlesnitch-1.0.3-1-x86_64.pkg.tar.zst Download6.0 MB
littlesnitch-1.0.3-1.aarch64.rpm Download6.2 MB
littlesnitch-1.0.3-1.ppc64le.rpm Download6.6 MB
littlesnitch-1.0.3-1.riscv64.rpm Download5.9 MB
littlesnitch-1.0.3-1.x86_64.rpm Download6.6 MB
littlesnitch_1.0.3_amd64.deb Download6.6 MB
littlesnitch_1.0.3_arm64.deb Download6.2 MB
littlesnitch_1.0.3_ppc64el.deb Download6.6 MB
littlesnitch_1.0.3_riscv64.deb Download5.9 MB

Minimum system requirements

Kernel version

Little Snitch for Linux requires Linux kernel 6.12 or newer, built with BTF support. In practice this means Debian 13, Ubuntu 25.04, Mint 22, Fedora 40, RHEL 10. If you're unsure which kernel you're running, uname -r will tell you.

The 6.12 requirement exists because that release significantly improved the eBPF verifier's ability to follow program logic, which reduces the number of code paths it needs to analyze. There is some hope that a future refactor of the eBPF code could bring compatibility down to kernel 5.17, but that hasn't happened yet.

BTF and function tracer support

BTF is what makes CO-RE (Compile Once – Run Everywhere) possible. This mechanism lets Little Snitch run across different kernel versions without needing to be recompiled for each one, the way a traditional loadable kernel module would. It works by reading kernel-provided metadata from /sys/kernel/btf/, which describes the data structures and function addresses of the running kernel.

All major distributions enable BTF by default, and its presence is easy to verify: if /sys/kernel/btf/ exists, you're good. The exception is kernels built for embedded systems or low-memory hardware, which sometimes omit BTF to save space. Those kernels are incompatible with Little Snitch regardless of their version number.

Function tracing allows BPF programs to intercept any function in the kernel, private or public, and inspect the function's arguments. Little Snitch uses a tracing program to find the executable file node before it is possibly passed to an interpreter. This way it can show the path to a script, not just the interpreter's path. The kernel must be built with CONFIG_FUNCTION_TRACER=y and popular Linux distributions are.

Hardened kernels

Little Snitch for Linux relies on the eBPF helper `bpf_probe_read_kernel()` for computing the file system path of executables from the kernel's internal structures. This helper may not be available on hardened kernels for security and privacy reasons, so Little Snitch is incompatible with these versions.

Verifying download integrity

To check the integrity of downloaded packages, download the following two files and follow the instructions in the .hashes.txt file.

Integrity Check
littlesnitch-1.0.3.hashes.txt Download3.10 kB
littlesnitch-1.0.3.hashes.txt.sig.github.json Download5.03 kB

Statically linked binaries

If our binary does not run on your computer, telling you that a library is missing, you can try our statically linked binaries. These binaries have almost no external library dependency.

The archives below contain only the binary. No installer packages, no supporting files. If your machine runs systemd, you can extract the systemd unit from one of the packages above. For other init systems just make sure to run littlesnitch --daemon on system start. The daemon manages everything else.

Statically Linked
littlesnitch-1.0.3-amd64-linux-musl.tar.gz Download7.2 MB
littlesnitch-1.0.3-arm64-linux-musl.tar.gz Download6.7 MB
littlesnitch-1.0.3-ppc64le-linux-musl.tar.gz Download7.3 MB

(RISC-V/musl is currently not supported by the build system.)

Legacy versions

Legacy versions can be downloaded here. Please note that new versions may fix vulnerabilities and running legacy versions may be a security risk.

Release Notes

April 18, 2026

Little Snitch for Linux 1.0.3 (10003)

Improvements

  • Offer presets when adding a new blocklist (thanks to overflo for this contribution).
  • Security improvements: the daemon now runs sandboxed and permanently drops all capabilities after loading eBPF programs. Note that this may have introduced new bugs, as we cannot guarantee which capabilities and file paths are used by library code.
  • Further reduced verification time of the eBPF programs on Linux 6.19.4 and above.
  • Downloads now include a statically linked binary and packages for PPC64LE.
  • If the system has less than 16 GB of memory, eBPF programs are loaded sequentially, trading longer load times for lower memory consumption.
April 15, 2026

Little Snitch for Linux 1.0.2 (10002)

This bugfix release addresses the following issues:

  • The previous fix for Btrfs in version 1.0.1 introduced a new bug where connections were attributed to the wrong executables. Little Snitch sometimes showed a parent which executed the program as the connecting program. This was a consequence of using mount IDs to identify mount points between user space and kernel. This version handles the entire path construction in the kernel.
  • Optimized loops in eBPF to reduce complexity seen by eBPF verifier. Little Snitch now runs on the latest kernel versions 6.19.4 and above, including the new 7.0 (and 7.1 preview) kernels.
April 10, 2026

Little Snitch for Linux 1.0.1 (10001)

This bugfix release fixes an issue with Btrfs: Executables on Btrfs appeared as "Not Identified" processes.

It does not fix an incompatibility with Linux 6.19 where the eBPF verifier rejects our program.

April 8, 2026

Little Snitch for Linux 1.0 (10000)

This is the first public release of Little Snitch for Linux. We hope it proves useful — and perhaps a little eye-opening.

Little Snitch

Features Was ist neu Download Release Notes Upgrade

Little Snitch Mini

Features Vergleiche

Andere Produkte

LaunchBar Micro Snitch IAP Viewer

Ressourcen

Internet Access Policy Blog Support Kontaktiere uns Lizenzschlüssel verloren

Ressourcen

Internet Access Policy Blog Support Kontaktiere uns Lizenzschlüssel verloren

Unternehmen

Über uns Presse Datenschutz AGB

 

Little Snitch

LaunchBar

© 2026 Objective Development Software GmbH

EnglishDeutsch