Contents of /trunk/README

Parent Directory Parent Directory | Revision Log Revision Log

Revision 360 - (show annotations) (download)
Sun Nov 9 08:16:55 2008 UTC (7 years, 8 months ago) by vapier
File size: 1155 byte(s)
add some info on this project
1 ---------
2 about
3 ---------
5 Sandbox is a library (and helper utility) to run programs in a "sandboxed"
6 environment. This is used as a QA measure to try and prevent applications from
7 modifying files they should not.
9 For example, in the Gentoo world we use it so we can build applications as root
10 and make sure that the build system does not do crazy things outside of its
11 build directory. Such as install files to the live root file system or modify
12 config files on the fly.
14 For people who are familiar with the Debian "fakeroot" project, sandbox is very
15 similar to that.
17 ----------
18 method
19 ----------
21 The way sandbox works is that you prime a few environment variables (in order
22 to control the sandbox's behavior) and then stick it into the LD_PRELOAD
23 variable. Then when the ELF loader runs, it will first load the sandbox
24 library. Whenever an applications makes a library call that we have wrapped,
25 we'll check the arguments against the environment settings. Based on that, any
26 access that is not permitted is logged and we return an error to the
27 application. Any access that is permitted is of course forwarded along to the
28 real C library.


Name Value
svn:eol-style native
svn:keywords Author Date Id Revision

  ViewVC Help
Powered by ViewVC 1.1.20