From Fedora Project Wiki

Revision as of 00:06, 2 November 2014 by Richz

Sandboxing allows effective isolation of one or more processes with very little overhead, as there is no need to emulate a complete virtual machine with its own operating system.

X programs can also be run in a sandbox, which uses the Xephyr server.

Examples

Run Firefox in a sandbox with a virtual X server:

mkdir -p ~/.sandbox/home ~/.sandbox/tmp
/usr/bin/sandbox -C -d 96 -M -X -H ~/.sandbox/home -T ~/.sandbox/tmp -w 1280x1024 -t sandbox_web_t /usr/bin/firefox &

This instance of Firefox can access only the files in ~/.sandbox/home and ~/.sandbox/tmp, plus a few other directories such as /dev. Cut and paste into and out of the sandboxed Firefox is not possible.
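
The same launch wrapped in preflight checks, as an added example that is not part of the original wiki page: it confirms SELinux is enforcing (the sandbox_web_t type is only enforced in that mode), that Xephyr is installed, and that the sandbox home and tmp directories are owner-only and not symlinks. SANDBOX_ROOT and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: preflight wrapper around the sandbox command shown above.
# SANDBOX_ROOT and all function names are hypothetical, chosen for illustration.

SANDBOX_ROOT="${SANDBOX_ROOT:-$HOME/.sandbox}"

# $1 is the output of getenforce. In Permissive mode SELinux only logs
# denials, so the sandbox type would not actually confine the process.
selinux_mode_ok() {
    [ "$1" = "Enforcing" ]
}

# Create the sandbox home and tmp directories readable by the owner only.
# chmod also tightens directories left over from an earlier run.
prepare_dirs() {
    root=$1
    ( umask 077 && mkdir -p "$root/home" "$root/tmp" ) || return 1
    chmod 700 "$root" "$root/home" "$root/tmp"
}

# Refuse to use a home or tmp path that is missing or is a symlink,
# since -H/-T would then expose whatever the link points at.
dirs_safe() {
    for d in "$1/home" "$1/tmp"; do
        [ -d "$d" ] && [ ! -L "$d" ] || return 1
    done
}

run_sandboxed_firefox() {
    mode=$(getenforce 2>/dev/null) || mode=unknown
    selinux_mode_ok "$mode" || { echo "SELinux mode is '$mode', not Enforcing" >&2; return 1; }
    command -v Xephyr >/dev/null 2>&1 || { echo "Xephyr not found (needed for -X)" >&2; return 1; }
    prepare_dirs "$SANDBOX_ROOT" || return 1
    dirs_safe "$SANDBOX_ROOT" || { echo "unsafe sandbox directories" >&2; return 1; }
    /usr/bin/sandbox -C -d 96 -M -X -H "$SANDBOX_ROOT/home" -T "$SANDBOX_ROOT/tmp" \
        -w 1280x1024 -t sandbox_web_t /usr/bin/firefox &
}

# Launch only when called with "run", so the file can also be sourced.
if [ "${1:-}" = "run" ]; then
    run_sandboxed_firefox
fi
```

Save it as a script and invoke it with the single argument run to start the sandboxed Firefox.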

Packages

Currently sandbox is available with the policycoreutils-python package.

se-sandbox-runner provides a Qt GUI.