Go to main content

man pages section 1: User Commands

Exit Print View

Updated: Thursday, June 13, 2019
 
 

sandbox (1)

Name

sandbox - execute programs in a restricted environment

Synopsis

sandbox -s sandboxname [command]
sandbox [-n] [-l clearance] [command]

Description

The sandbox command can be used to execute programs in a restricted environment. By default it starts a restricted shell with a reduced process clearance.

If sandboxname is specified with the –s option, then the command is started with the process attributes and the home directory associated with the specified sandbox. Such sandboxes are created by using the sandboxadm(8) command. Although entering a sandbox is an unprivileged operation, the calling process must have the appropriate user id and clearance. For an overview see sandboxing(7).

The remainder of this section applies when sandboxname is not specified. The sandbox command should be executed in a subdirectory of the user's home directory which contains no sensitive files.

The restricted shell is started in a new session. By default, it reduces the current basic privilege set. It drops the proc_info and proc_session process privileges to prevent access to other programs running as the user. It sets an extended policy on the proc_exec privilege to prevent execution of programs unless they are either in the current directory or under the /usr directory.

If the –n option is specified, it also drops the net_access privilege to prevent any use of networking.

By default, it lowers the user's process clearance to ADMIN_LOW to prevent access to labeled files such as those in multilevel ZFS datasets. Alternatively, the user can specify any label that is dominated by clearance.

Prior to starting the sandbox, the user may use the setlabel(1) command to upgrade files and directories in the home directory, so that they are inaccessible to processes running in the sandbox.

Examples

Example 1 Running Firefox in a Restricted Environment
~alice:$ cd playground
~alice/playground:$ sandbox firefox
Example 2 Examining the Process Credentials
       ~alice:$ cd playground
	~alice/playground:$ sandbox -n
	~alice/playground:$ ppriv $$
	103889: /usr/bin/bash --login
	flags = PRIV_XPOLICY
		Extended policies:
			{proc_exec}:/export/home/alice/playground
			{proc_exec}:/usr/*
		E: basic,!net_access,!proc_exec,!proc_info,!proc_session
		I: basic,!net_access,!proc_exec,!proc_info,!proc_session
		P: basic,!net_access,!proc_exec,!proc_info,!proc_session
		L: all
	~alice/playground:$ plabel $$
	103889: ADMIN_LOW

Attributes

See attributes(7) for descriptions of the following attributes:

ATTRIBUTE TYPE
ATTRIBUTE VALUE
Availability
system/file_labeling

See Also

plabel(1), setlabel(1), privileges(7), sandboxing(7), sandboxadm(8), setlabel(1)