sandbox - execute programs in a restricted environment
sandbox -s sandboxname [command]
sandbox [-n] [-l clearance] [command]
The sandbox command can be used to execute programs in a restricted environment. By default it starts a restricted shell with a reduced process clearance.
If sandboxname is specified with the –s option, then the command is started with the process attributes and the home directory associated with the specified sandbox. Such sandboxes are created by using the sandboxadm(8) command. Although entering a sandbox is an unprivileged operation, the calling process must have the appropriate user id and clearance. For an overview see sandboxing(7).
The remainder of this section applies when sandboxname is not specified. The sandbox command should be executed in a subdirectory of the user's home directory which contains no sensitive files.
The restricted shell is started in a new session. By default, it reduces the current basic privilege set. It drops the proc_info and proc_session process privileges to prevent access to other programs running as the user. It sets an extended policy on the proc_exec privilege to prevent execution of programs unless they are either in the current directory or under the /usr directory.
If the –n option is specified, it also drops the net_access privilege to prevent any use of networking.
By default, it lowers the user's process clearance to ADMIN_LOW to prevent access to labeled files such as those in multilevel ZFS datasets. Alternatively, the user can specify any label that is dominated by clearance.
Prior to starting the sandbox, the user may use the setlabel(1) command to upgrade files and directories in the home directory, so that they are inaccessible to processes running in the sandbox.
~alice:$ cd playground ~alice/playground:$ sandbox firefoxExample 2 Examining the Process Credentials
~alice:$ cd playground
~alice/playground:$ sandbox -n
~alice/playground:$ ppriv $$
103889: /usr/bin/bash --login
flags = PRIV_XPOLICY
Extended policies:
{proc_exec}:/export/home/alice/playground
{proc_exec}:/usr/*
E: basic,!net_access,!proc_exec,!proc_info,!proc_session
I: basic,!net_access,!proc_exec,!proc_info,!proc_session
P: basic,!net_access,!proc_exec,!proc_info,!proc_session
L: all
~alice/playground:$ plabel $$
103889: ADMIN_LOW
See attributes(7) for descriptions of the following attributes:
|
plabel(1), setlabel(1), privileges(7), sandboxing(7), sandboxadm(8)
The sandbox command was added in Solaris 11.4.0.