[gentoo-user] what is sandbox ?

[gentoo-user] what is sandbox ?

[Antonio Coralles]

I've just read that word a couple of times now - but after sanbox was
installed on my system becuause of the latest portage upgrade - i'm
really courios to know what this tool is about ...

Maybe someone can tell me more than http://gentoo-wiki.com/Sandbox ...
Antonio
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] what is sandbox ?

[Zac Medico]

Antonio Coralles wrote:
> I've just read that word a couple of times now - but after sanbox was
> installed on my system becuause of the latest portage upgrade - i'm
> really courios to know what this tool is about ...
> 
> Maybe someone can tell me more than http://gentoo-wiki.com/Sandbox ...
> Antonio

When a program is run with a shared library in the LD_PRELOAD environment variable it allows system calls to be overridden.  See the ld.so manpage for details.  Sandbox overrides execve and all the basic file operations and in order to act as a file security manager for an untrusted process and every program that it spawns.

There is a script called sandboxshell (emerge sandboxshell) that helps you to run any program you want inside of a sandbox.  Other interesting LD_PRELOAD hacks are fakeroot which fools programs into believing that they run as root and checkinstall/installwatch which logs files installed by "make install" so that they can be uninstalled later.

Zac
-- 
gentoo-user@gentoo.org mailing list