[gentoo-dev] Sandbox

[gentoo-dev] Sandbox

[Julien Herfurth]

Hi all,

Would you consider making the sandbox a package on its own, as it is a
very nice tool when building from sources. I think at LFS users or
people like me that love playing with mini-distros and building them
from sources. Perhaps a man page would be useful too.

Regards,

Julien


--
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] Sandbox

[Kumba]

MooktaKiNG wrote:
> OK i feel a bit dumb here. But could someone please explain to me
> what sandbox is used for?
> 
> Sorry, this is a bit out of topic, but i can't help my curiosity :-)
> 
> 

I believe it's basically a glibc wrapper, intercepting system calls and 
dropping calls that'd be too dangerous to execute.  Hence its name, 
"Sandbox".

--Kumba


--
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] Sandbox

[MooktaKiNG]

OK i feel a bit dumb here. But could someone please explain to me
what sandbox is used for?

Sorry, this is a bit out of topic, but i can't help my curiosity :-)

> Hi all,
>
> Would you consider making the sandbox a package on its own, as it is
> a
> very nice tool when building from sources. I think at LFS users or
> people like me that love playing with mini-distros and building them
> from sources. Perhaps a man page would be useful too.
>
> Regards,
>
> Julien
>
>
> --
> gentoo-dev@gentoo.org mailing list
>
>


-------------------------------------------------
Please wait while you are redirected to my signature......

--
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] Sandbox

[Paul de Vrieze]

[-- Attachment #1: signed data --]
[-- Type: text/plain, Size: 748 bytes --]

 On Thursday 12 June 2003 00:38, Kumba wrote:
> MooktaKiNG wrote:
> > OK i feel a bit dumb here. But could someone please explain to me
> > what sandbox is used for?
> >
> > Sorry, this is a bit out of topic, but i can't help my curiosity :-)
>
> I believe it's basically a glibc wrapper, intercepting system calls and
> dropping calls that'd be too dangerous to execute.  Hence its name,
> "Sandbox".
>

It is, it is basically a library that intercepts calls and that is preloaded 
using LD_PRELOAD. It's behaviour is determined by a number of environment 
variables, that might be better documented than they are right now.

Paul

-- 
Paul de Vrieze
Researcher
Mail: pauldv@cs.kun.nl
Homepage: http://www.cs.kun.nl/~pauldv

[-- Attachment #2: signature --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-dev] Sandbox

[Martin Schlemmer]

[-- Attachment #1: Type: text/plain, Size: 1289 bytes --]

On Thu, 2003-06-12 at 10:18, Paul de Vrieze wrote:
>  On Thursday 12 June 2003 00:38, Kumba wrote:
> > MooktaKiNG wrote:
> > > OK i feel a bit dumb here. But could someone please explain to me
> > > what sandbox is used for?
> > >
> > > Sorry, this is a bit out of topic, but i can't help my curiosity :-)
> >
> > I believe it's basically a glibc wrapper, intercepting system calls and
> > dropping calls that'd be too dangerous to execute.  Hence its name,
> > "Sandbox".
> >
> 
> It is, it is basically a library that intercepts calls and that is preloaded 
> using LD_PRELOAD. It's behaviour is determined by a number of environment 
> variables, that might be better documented than they are right now.
> 

And are pretty portage specific.  There are a lot of other packages out
there that does the same thing, and as I do not have the time (or
inclination) to take time to get it more 'standalone', or changes that
do that will take long time to get to cvs (since it can easily break an
already volatile package), rather try another package.

 http://www.jkcal.org/simon/itrace.html
 http://asic-linux.com.mx/~izto/installwatch.html


Regards,

-- 

Martin Schlemmer
Gentoo Linux Developer, Desktop/System Team Developer
Cape Town, South Africa



[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]