NAME
sandboxadm - Sandbox administration

SYNOPSIS
/usr/bin/sandboxadm
sandboxadm create -s sandbox -u username [[-c classification] | [-p parent_sandbox]] [-g group,[group]...] [-h homedir]
sandboxadm destroy -s sandbox [-u]
sandboxadm list [-l] [-p parent_sandbox | -c]
sandboxadm info [-s sandbox] [-e]
sandboxadm verify -s svcname [-t | -u] [-k keep_compartments]
sandboxadm init [-f encodings_file] [-c classification_prefix] [-i classification_instances] [-s compartment_prefix] [-n number_of_compartments] [-x extra_compartments]
DESCRIPTION
The sandboxadm command manages sandboxes, which provide security isolation and resource management.

The following subcommands are supported:
create
    Creates a new sandbox. This is a privileged operation requiring the use of the Sandbox Management rights profile. The create subcommand supports the following options:

    -s sandbox
        Name of the new sandbox. The name is case-sensitive and must be unique. The sandbox name is also used to specify the project. A new project is created if none exists with that name.

    -u username
        The account to associate with the sandbox. If the account specified by username does not exist, it is created along with a new home directory, and the user's clearance is set to the label of the sandbox.

        If the account already exists and does not have an explicit clearance, then the user's clearance is set to that of the sandbox. Otherwise, the user's clearance is set to the least upper bound of the existing clearance and the sandbox's label.

        If a parent is specified for the sandbox, then the account's home directory is recursively labeled with the sandbox's label. The account is added to the corresponding project.

    -h homedir
        The pathname to use when creating a new home directory. If it is not specified, then the default pathname set by setlabel(1) is used.

    -g group,[group]...
        The groups to associate with the user. If specified, the first group is assigned as the primary group and the remainder are assigned as supplementary groups. The list of groups is applied when creating a new account and replaces the current groups for existing accounts.

    -p parent_sandbox
        The sandbox is created as a child of parent_sandbox. The classification of the new sandbox is copied from the parent, and the compartment name is automatically generated by appending a unique integer to the default compartment prefix.

        If the -p option is not specified, then the sandbox is created as a parent sandbox.

    -c classification
        The specified classification is used as the classification component of the label of the new parent sandbox. It is an error if the classification is already assigned to another sandbox.

        If the -c option is not specified, then the classification name is generated by appending a unique integer to the default classification name.

        A compartment name is generated by appending "All" to the default compartment prefix. If any additional compartments are defined in the label_encodings(5) file, they are appended to the label.
destroy
    Destroys an existing sandbox. If the sandbox has any children, they must be destroyed before destroying the parent sandbox. This is a privileged operation requiring the use of the Sandbox Management rights profile.

    The destroy subcommand supports the following options:

    -s sandbox
        The name of the sandbox to destroy. If a corresponding project exists, it is deleted.

    -u
        If the specified account exists, it is removed along with its home directory.
list
    Lists the sandbox names matching the specified options. The list subcommand supports the following options:

    -l
        Specifies the long format, which includes the label, username, and uid of each sandbox.

    -p parent_sandbox
        Lists the specified sandbox and all its children.

    -c
        Lists the sandboxes that can contain or be the parent of child sandboxes.
info
    Displays the attributes of a single sandbox. If no option is specified, then the current sandbox is used. The info subcommand supports the following options:

    -s sandbox
        The specified sandbox is listed instead of the current sandbox.

    -e
        Provides a summary of the current label properties, including the pathname of the encodings file and the available classification and compartment names.
init
    Creates a new label encodings file using the specified properties. The minimum label, Public, is automatically included and the version is set to Sandbox Labels v1.0. The init subcommand supports the following options:

    -f encodings_file
        Specifies where the new encodings file will be created. The file properties can be committed by running the commands:

        # cd /etc/security/tsol
        # labelcfg -e encodings_file commit

        The file must be either created in the /etc/security/tsol directory or copied there prior to committing it.

    -c classification_prefix
        Specifies the prefix that will be used for classification names. Unique classification names are generated by appending consecutive integers starting at 1. The default prefix is Class. The suffix All is applied to the classification that dominates all numbered classifications.

    -i classification_instances
        Specifies the maximum number of classification instances that can be used.

    -s compartment_prefix
        Specifies the prefix that will be used for compartment names. Unique compartment names are generated by appending consecutive integers starting at 1. The default prefix is Sandbox. The suffix All is applied to the compartment that dominates all numbered compartments.

    -n number_of_compartments
        Specifies the maximum number of sandbox compartments that can be used.

    -x extra_compartments
        Specifies additional compartment names that can be appended to any label except Public. Up to ten -x options can be specified.
verify
    Verifies that the sandbox is properly configured by exercising the various options for entering and exiting sandboxes. The process attributes are listed after each transition. The subcommand then waits for a RETURN character before proceeding with the next transition.

    The verify subcommand supports the following options:

    -s svcname
        Specifies the name of the sandbox to enter. The current process must be running in the parent sandbox of the specified sandbox, or the current process clearance must be ADMIN_HIGH. The current clearance is lowered to that of the specified sandbox unless the -k option is specified.

    -k keep_compartments
        Specifies the compartment names to preserve in the new clearance. If multiple compartments are specified, they are delimited by the space character. The compartments must be dominated by the current clearance.

    -t
        Specifies that the transition is temporary. After pressing RETURN, the parent sandbox process attributes are restored. The attributes are listed before the process exits.

    -u
        Specifies that the transition is permanent. After pressing RETURN, the user ID, primary group ID, and supplementary groups for the specified sandbox are set on the current process. The attributes are listed before the process exits.
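The label rules scattered through the option text above (the init naming scheme, the label a parent or child sandbox receives from create -c and create -p, the least-upper-bound clearance update for an existing account under create -u, and the "must be dominated by the current clearance" check for verify -k) can be modelled as one small label lattice. The following is an added example, not code from this man page or from Solaris; it assumes that numbered classifications are ordered by their integer with the All classification above them, that the All compartment stands for the union of every numbered compartment, and that Public carries no compartments. The Encodings, Label, parse_label, lub and rule functions are all hypothetical names introduced here; the constructed encodings reuse the CDB and DBF/FS names from the examples further down the page.

```python
"""Toy model of the sandbox label lattice that sandboxadm's option text describes.
Added example; not code from the man page or from Solaris.  Assumptions the page
does not state: numbered classifications are ordered by their integer and the
"All" classification dominates every numbered one; the "All" compartment is the
union of every numbered compartment; Public carries no compartments.  Label
strings look like `sandboxadm list -l` output, e.g. "CDB1 SandboxAll DBFcdb".
"""
from dataclasses import dataclass

@dataclass(frozen=True)
class Encodings:
    """Names generated the way `sandboxadm init` describes them."""
    class_prefix: str = "Class"     # -c classification_prefix
    class_instances: int = 8        # -i classification_instances
    comp_prefix: str = "Sandbox"    # -s compartment_prefix
    comp_count: int = 4096          # -n number_of_compartments
    extra: tuple = ()               # -x extra_compartments (up to ten)

    def classifications(self):
        """Public, then Prefix1..PrefixN, then PrefixAll, lowest to highest."""
        numbered = [f"{self.class_prefix}{i}" for i in range(1, self.class_instances + 1)]
        return ["Public", *numbered, f"{self.class_prefix}All"]

    def numbered_compartments(self):
        return frozenset(f"{self.comp_prefix}{i}" for i in range(1, self.comp_count + 1))

    def compartment_bits(self, name):
        """Expand one compartment name into the set of bits it stands for."""
        if name == f"{self.comp_prefix}All":
            return self.numbered_compartments()
        if name in self.numbered_compartments() or name in self.extra:
            return frozenset({name})
        raise ValueError(f"unknown compartment: {name}")

@dataclass(frozen=True)
class Label:
    classification: int        # index into Encodings.classifications()
    compartments: frozenset    # expanded compartment bits

    def dominates(self, other):
        """MAC dominance: higher-or-equal classification and a superset of bits."""
        return (self.classification >= other.classification
                and self.compartments >= other.compartments)

def parse_label(enc, text):
    words = text.split()
    bits = frozenset()
    for comp in words[1:]:
        bits |= enc.compartment_bits(comp)
    return Label(enc.classifications().index(words[0]), bits)

def format_label(enc, label):
    words = [enc.classifications()[label.classification]]
    numbered = enc.numbered_compartments()
    if numbered <= label.compartments:
        words.append(f"{enc.comp_prefix}All")
    else:
        nums = sorted(int(c[len(enc.comp_prefix):]) for c in label.compartments & numbered)
        words += [f"{enc.comp_prefix}{n}" for n in nums]
    words += [x for x in enc.extra if x in label.compartments]
    return " ".join(words)

def lub(a, b):
    """Least upper bound: the smallest label that dominates both inputs."""
    return Label(max(a.classification, b.classification), a.compartments | b.compartments)

def parent_sandbox_label(enc, classification):
    """`create -c`: the named classification, the All compartment, every -x extra."""
    return parse_label(enc, " ".join([classification, f"{enc.comp_prefix}All", *enc.extra]))

def child_sandbox_label(enc, parent, n):
    """`create -p`: the parent's classification plus one numbered compartment."""
    return Label(parent.classification, enc.compartment_bits(f"{enc.comp_prefix}{n}"))

def new_user_clearance(existing, sandbox_label):
    """`create -u`: no explicit clearance -> the sandbox label; otherwise the
    least upper bound of the existing clearance and the sandbox label."""
    return sandbox_label if existing is None else lub(existing, sandbox_label)

def can_keep_compartments(enc, clearance, keep):
    """`verify -k`: the space-delimited compartments must be dominated by the
    current clearance, i.e. every one of their bits is already in it."""
    wanted = frozenset()
    for name in keep.split():
        wanted |= enc.compartment_bits(name)
    return wanted <= clearance.compartments

if __name__ == "__main__":
    # Constructed encodings that mirror the names in the man page's example output.
    enc = Encodings(class_prefix="CDB", extra=("DBFcdb", "DBFall", "FScdb"))
    parent = parent_sandbox_label(enc, "CDB1")
    child = child_sandbox_label(enc, parent, 1)
    print(format_label(enc, parent), "dominates", format_label(enc, child), parent.dominates(child))
    raised = new_user_clearance(parse_label(enc, "CDB1 Sandbox1"), parse_label(enc, "CDB4 Sandbox2"))
    print("clearance after a second create -u:", format_label(enc, raised))
    print("verify -k 'DBFcdb FScdb' from the parent:", can_keep_compartments(enc, parent, "DBFcdb FScdb"))
    print("verify -k SandboxAll from the child:", can_keep_compartments(enc, child, "SandboxAll"))
```

The point worth noticing is the clearance update: creating a second sandbox for an account that already has a clearance does not replace the clearance but raises it to the least upper bound, so the account ends up cleared for both sandboxes at once. Whether that is acceptable is a decision to make before reusing an account across sandboxes, and `sandboxadm list -l` shows the resulting labels.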
EXIT STATUS
The following exit values are returned:

    The command was processed successfully.

    An error occurred.

    Invalid command line options were specified.
EXAMPLES
Example 1

example$ sandboxadm list -l
CDB1
    username(uid): cdb1(15000)
    label: CDB1 SandboxAll DBFcdb DBFall FScdb
CDB1_Sbox1
    username(uid): cdb1sbox1(15001)
    label: CDB1 Sandbox1
CDB4
    username(uid): oracle(20002)
    label: CDB4 SandboxAll DBFcdb DBFall FScdb

Example 2 Showing the Current Labeling Properties

example$ sandboxadm info -e
File: /etc/security/tsol/label_encodings.sandboxing
Classifications: Public CDB1 - CDB8 CDBall
Compartments: Sandbox1 - Sandbox4096 SandboxAll DBFcdb DBFall FScdb
Sandbox: CDB6
container: CDB6_SboxAll
username(uid): cdb6sbox1(10001)
label: CDB6 Sandbox1
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
SEE ALSO
sandbox(1), setlabel(1), sandbox_create(3SANDBOX), label_encodings(5), clearance(7), labels(7)

HISTORY
The sandboxadm command was added in Solaris 11.4.0.