man pages section 8: System Administration Commands

Updated: Wednesday, July 27, 2022

sandboxadm(8)

Name

sandboxadm - Sandbox administration

Synopsis

/usr/bin/sandboxadm
sandboxadm create -s sandbox -u username
               [[-c classification] | [-p parent_sandbox]]
               [-g group,[group]...]
               [-h homedir]
sandboxadm destroy -s sandbox [-u username]
sandboxadm list [-l] [[-p parent_sandbox] | -c]
sandboxadm info [-s sandbox] [-e]
sandboxadm verify -s sandbox [-t | -u] [-k keep_compartments]
sandboxadm init
               [-f encodings_file]
               [-c classification_prefix]
               [-i classification_instances]
               [-s compartment_prefix]
               [-n number_of_compartments]
               [-x extra_compartments]

Description

The sandboxadm command manages sandboxes, which provide security isolation and resource management.

Sub Commands

The following subcommands are supported:

create

Creates a new sandbox. This is a privileged operation requiring the use of the Sandbox Management rights profile. The create subcommand supports the following options:

–s sandbox

Name of the new sandbox. The name is case-sensitive and must be unique. The sandbox name is also used to specify the project. A new project is created if none exists with that name.

–u username

The account to associate with the sandbox. If the account specified by the username does not exist, it is created along with a new home directory and the user's clearance is set to the label of the sandbox.

If the account already exists and does not have an explicit clearance, then the user's clearance is set to that of the sandbox. Otherwise, the user's clearance is set to the least upper bound of the existing clearance and the sandbox's label.

If a parent is specified for the sandbox, then the account's home directory is recursively labeled with the sandbox's label. The account is added to the corresponding project.

–h homedir

The pathname to use when creating a new home directory. If it is not specified, then the default pathname set by setlabel(1) is used.

–g group,[group]...

The groups to associate with the user. If specified, the first group is assigned as the primary group and the remainder are assigned as supplementary groups. The list of groups is applied when creating a new account and replaces the current groups for existing accounts.

–p parent_sandbox

The sandbox is created as a child of parent_sandbox. The classification of the new sandbox is copied from the parent and the compartment name is automatically generated by appending a unique integer to the default compartment prefix.

If the –p option is not specified, then the sandbox is created as a parent sandbox.

–c classification

The specified classification is used as the classification component of the label of the new parent sandbox. It is an error if the classification is already assigned to another sandbox.

If the –c option is not specified, then the classification name is generated by appending a unique integer to the default classification name.

A compartment name is generated by appending "All" to the default compartment prefix. If any additional compartments are defined in the label_encodings(5) file, they are appended to the label.

destroy

Destroys an existing sandbox. If the sandbox has any children they must be destroyed before destroying the parent sandbox. This is a privileged operation requiring the use of the Sandbox Management rights profile.

The destroy subcommand supports the following options:

–s sandbox

The name of the sandbox to destroy. If a corresponding project exists it is deleted.

–u username

If the specified account exists, it is removed along with its home directory.

list

Lists the sandbox names matching the specified options. The list subcommand supports the following options:

–l

Specifies the long format which includes the label, username, and uid of each sandbox.

–p parent_sandbox

Lists the specified sandbox and all its children.

–c

Lists the sandboxes that can contain or be the parent of child sandboxes.

info

Displays the attributes of a single sandbox. If no option is specified, then the current sandbox is used. The info subcommand supports the following options:

–s sandbox

The specified sandbox is listed instead of the current sandbox.

–e

Provides a summary of the current label properties including the pathname of the encodings file, and the available classification and compartment names.

init

Creates a new label encodings file using the specified properties. The minimum label, Public, is automatically included and the version is set to Sandbox Labels v1.0. The init subcommand supports the following options:

–f encodings_file

Specifies where the new encodings file will be created. The file properties can be committed by running the commands:

# cd /etc/security/tsol
# labelcfg -e encodings_file commit

The file must be either created in the /etc/security/tsol directory or copied there prior to committing it.

–c classification_prefix

Specifies the prefix that will be used for classification names. Unique classification names are generated by appending consecutive integers starting at 1. The default prefix is Class. The suffix All is applied to the classification that dominates all numbered classifications.

–i classification_instances

Specifies the maximum number of classification instances that can be used.

–s compartment_prefix

Specifies the prefix that will be used for compartment names. Unique compartment names are generated by appending consecutive integers starting at 1. The default prefix is Sandbox. The suffix All is applied to the compartment that dominates all numbered compartments.

–n number_of_compartments

Specifies the maximum number of sandbox compartments that can be used.

–x extra_compartments

Specifies additional compartment names that can be appended to any label except Public. Up to ten –x options can be specified.

verify

Verifies that the sandbox is properly configured by exercising the various options for entering and exiting sandboxes. The process attributes are listed after each transition. The subcommand then waits for a RETURN character before proceeding with the next transition.

The verify subcommand supports the following options:

–s sandbox

Specifies the name of the sandbox to enter. The current process must be running in the parent sandbox of the specified sandbox, or the current process clearance must be ADMIN_HIGH. The current clearance is lowered to that of the specified sandbox, unless the –k option is specified.

–k keep_compartments

Specifies the compartment names to preserve in the new clearance. If multiple compartments are specified, they are delimited by the space character. The compartments must be dominated by the current clearance.

–t

Specifies that the transition is temporary. After pressing RETURN, the parent sandbox process attributes are restored. The attributes are listed before the process exits.

–u

Specifies that the transition is permanent. After pressing RETURN, the user ID, primary group ID, and supplementary groups for the specified sandbox are set on the current process. The attributes are listed before the process exits.

Exit Status

The following exit values are returned:

0

The command was processed successfully.

1

An error occurred.

2

Invalid command line options were specified.

Examples

Example 1 Listing the Current Sandboxes

example$ sandboxadm list -l
CDB1
    username(uid):    cdb1(15000)
    label:            CDB1 SandboxAll DBFcdb DBFall FScdb
    CDB1_Sbox1
        username(uid):    cdb1sbox1(15001)
        label:            CDB1 Sandbox1
CDB4
    username(uid):    oracle(20002)
    label:            CDB4 SandboxAll DBFcdb DBFall FScdb

Example 2 Showing the Current Labeling Properties

example$ sandboxadm info -e
File: /etc/security/tsol/label_encodings.sandboxing

Classifications:
    Public
    CDB1 - CDB8
    CDBall

Compartments:
    Sandbox1 - Sandbox4096
    SandboxAll
    DBFcdb
    DBFall
    FScdb

Sandbox: CDB6
    container:        CDB6_SboxAll
    username(uid):    cdb6sbox1(10001)
    label:            CDB6 Sandbox1
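The following script is an added example and not part of this man page: it walks the create, init and destroy subcommands end to end, encoding two rules the page states (the encodings file must sit in /etc/security/tsol before labelcfg commit, and children are destroyed before their parent). The sandbox, user and group names, the init sizes, and the assumption that `sandboxadm list -p` prints the parent before its children are all made up for the example.

```shell
#!/bin/sh
# Added example (not from sandboxadm(8)): provision a parent sandbox with
# one child, then tear the pair down in a legal order. TSOL_DIR can be
# overridden so the helper functions can be exercised offline.
TSOL_DIR=${TSOL_DIR:-/etc/security/tsol}

# Print the path from which the encodings file can be committed, copying
# it into TSOL_DIR first if `sandboxadm init -f` wrote it elsewhere.
stage_encodings() {
    src=$1
    case $src in
        "$TSOL_DIR"/*) printf '%s\n' "$src" ;;
        *) cp "$src" "$TSOL_DIR/" && printf '%s\n' "$TSOL_DIR/$(basename "$src")" ;;
    esac
}

# Read sandbox names on stdin and print them in reverse. Assumes (not
# stated on the page) that `sandboxadm list -p PARENT` prints the parent
# first and its children after it, so reversing gives children first.
destroy_order() {
    awk 'NF { names[n++] = $1 } END { while (n-- > 0) print names[n] }'
}

# Generate, stage and commit an encodings file (classifications CDB1..CDB8,
# compartments Sandbox1..Sandbox16 plus FScdb), then create parent CDB1 and
# child CDB1_Sbox1. Group "dba" is assumed to exist.
provision() {
    sandboxadm init -f "$1" -c CDB -i 8 -s Sandbox -n 16 -x FScdb || return 1
    enc=$(stage_encodings "$1") || return 1
    (cd "$TSOL_DIR" && labelcfg -e "$(basename "$enc")" commit) || return 1
    sandboxadm create -s CDB1 -c CDB1 -u cdb1 -g dba || return 1
    sandboxadm create -s CDB1_Sbox1 -p CDB1 -u cdb1sbox1 || return 1
    sandboxadm list -l
}

# Destroy a parent and all its children, children first; accounts are kept
# because destroy -u is not passed here.
teardown() {
    sandboxadm list -p "$1" | destroy_order | while read -r sb; do
        sandboxadm destroy -s "$sb" || exit 1
    done
}

case ${1-} in
    provision) provision "${2:-/tmp/label_encodings.sandboxing}" ;;
    teardown)  teardown "${2:-CDB1}" ;;
esac
```

Run as `sh script.sh provision` with the Sandbox Management rights profile, and `sh script.sh teardown CDB1` to remove the hierarchy.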

Attributes

See attributes(7) for descriptions of the following attributes:

ATTRIBUTE TYPE          ATTRIBUTE VALUE
Availability            security/sandboxing
Interface Stability     Committed

See Also

sandbox(1), sandbox_create(3SANDBOX), label_encodings(5), clearance(7), labels(7), setlabel(1)

History

The sandboxadm command was added in Solaris 11.4.0.