Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Sandboxing
Top Forums Programming Sandboxing Post 302965348 by cman on Wednesday 27th of January 2016 02:33:39 PM
Old 01-27-2016
Sandboxing
Is it possible to write an application in "c" that can be used to start other applications and limit a process from using certain Linux APIs ( in this case I want to keep a process from being able to access the internet ) ? I've been reading "The Linux Programming Interface" by Micheal Kerrisk , but the section on "Linux Capabilities" isn't very thorough ( I think this is how such a think might be accomplished ). I'd like to write a program for "sandboxing" other programs. Any suggestions or example code would be appreciated.
 

LEARN ABOUT DEBIAN

fifo

FIFO(7) 						     Linux Programmer's Manual							   FIFO(7)

NAME

       fifo - first-in first-out special file, named pipe

DESCRIPTION

       A FIFO special file (a named pipe) is similar to a pipe, except that it is accessed as part of the file system.	It can be opened by multi-
       ple processes for reading or writing.  When processes are exchanging data via the FIFO, the kernel passes all data internally without writ-
       ing it to the file system.  Thus, the FIFO special file has no contents on the file system; the file system entry merely serves as a refer-
       ence point so that processes can access the pipe using a name in the file system.

       The kernel maintains exactly one pipe object for each FIFO special file that is opened by at least one process.	The FIFO must be opened on
       both ends (reading and writing) before data can be passed.  Normally, opening the FIFO blocks until the other end is opened also.

       A  process  can	open  a FIFO in nonblocking mode.  In this case, opening for read only will succeed even if no-one has opened on the write
       side yet, opening for write only will fail with ENXIO (no such device or address) unless the other end has already been opened.

       Under Linux, opening a FIFO for read and write will succeed both in blocking and nonblocking mode.  POSIX leaves this  behavior	undefined.
       This can be used to open a FIFO for writing while there are no readers available.  A process that uses both ends of the connection in order
       to communicate with itself should be very careful to avoid deadlocks.

NOTES

       When a process tries to write to a FIFO that is not opened for read on the other side, the process is sent a SIGPIPE signal.

       FIFO special files can be created by mkfifo(3), and are indicated by ls -l with the file type 'p'.

SEE ALSO

       mkfifo(1), open(2), pipe(2), sigaction(2), signal(2), socketpair(2), mkfifo(3), pipe(7)

COLOPHON

       This page is part of release 3.44 of the Linux man-pages project.  A description of the project, and information about reporting bugs,  can
       be found at http://www.kernel.org/doc/man-pages/.

Linux								    2008-12-03								   FIFO(7)
All times are GMT -4. The time now is 03:16 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy