/[path-sandbox]/trunk/README
Gentoo

Contents of /trunk/README

Parent Directory Parent Directory | Revision Log Revision Log


Revision 362 - (hide annotations) (download)
Sun Nov 9 08:19:31 2008 UTC (5 years, 11 months ago) by vapier
File size: 1195 byte(s)
also note InstallWatch as a related project
1 vapier 360 ---------
2     about
3     ---------
4    
5     Sandbox is a library (and helper utility) to run programs in a "sandboxed"
6     environment. This is used as a QA measure to try and prevent applications from
7     modifying files they should not.
8    
9     For example, in the Gentoo world we use it so we can build applications as root
10     and make sure that the build system does not do crazy things outside of its
11     build directory. Such as install files to the live root file system or modify
12     config files on the fly.
13    
14 vapier 362 For people who are familiar with the Debian "fakeroot" project or the RPM based
15     "InstallWatch", sandbox is in the same vein of projects.
16 vapier 360
17     ----------
18     method
19     ----------
20    
21     The way sandbox works is that you prime a few environment variables (in order
22     to control the sandbox's behavior) and then stick it into the LD_PRELOAD
23     variable. Then when the ELF loader runs, it will first load the sandbox
24     library. Whenever an applications makes a library call that we have wrapped,
25     we'll check the arguments against the environment settings. Based on that, any
26     access that is not permitted is logged and we return an error to the
27     application. Any access that is permitted is of course forwarded along to the
28     real C library.

Properties

Name Value
svn:eol-style native
svn:keywords Author Date Id Revision

  ViewVC Help
Powered by ViewVC 1.1.20