Full Discussion: Sandboxing
Post 302965360 by cman on Wednesday 27th of January 2016 08:25:13 PM
Thank you for the replies! I didn't know that it wasn't feasible to restrict API access to a process using the current design of the operating system (maybe such features could be integrated into the operating system's design someday). I've actually used the method that jim mcnamara provided, so I know that this is one way to sandbox (jgt's suggestion is new to me; I've not heard about restricted shells). I've also heard of using Linux namespaces, the "unshare" command, to restrict programs (maybe I could look at the source code of this application). I know you can use the SELinux sandbox function for this purpose too, so I guess there are a lot of options for doing this.
 
SANDBOX_INIT(3)                 BSD Library Functions Manual                 SANDBOX_INIT(3)

NAME
     sandbox_init, sandbox_free_error -- set process sandbox (DEPRECATED)

SYNOPSIS
     #include <sandbox.h>

     int
     sandbox_init(const char *profile, uint64_t flags, char **errorbuf);

     void
     sandbox_free_error(char *errorbuf);

DESCRIPTION
     The sandbox_init() and sandbox_free_error() functions are DEPRECATED.  Developers who
     wish to sandbox an app should instead adopt the App Sandbox feature described in the
     App Sandbox Design Guide.

     The sandbox_init() function places the current process into a sandbox(7).  The
     NUL-terminated string profile specifies the profile to be used to configure the
     sandbox.  The flags specified are formed by or'ing the following values:

     SANDBOX_NAMED    The profile argument specifies a sandbox profile named by one of the
                      constants given in the AVAILABLE PROFILES section below.

     The out parameter *errorbuf will be set according to the error status.

RETURN VALUES
     Upon successful completion of sandbox_init(), a value of 0 is returned and *errorbuf
     is set to NULL.  In the event of an error, a value of -1 is returned and *errorbuf is
     set to a pointer to a NUL-terminated string describing the error.  This string may
     contain embedded newlines.  This error information is suitable for developers and is
     not intended for end users.  This pointer should be passed to sandbox_free_error(3) to
     release the allocated storage when it is no longer needed.

AVAILABLE PROFILES
     The following are brief descriptions of each available profile.  Keep in mind that
     sandbox(7) restrictions are typically enforced at resource acquisition time.

     kSBXProfileNoInternet
             TCP/IP networking is prohibited.  DEPRECATED.

     kSBXProfileNoNetwork
             All sockets-based networking is prohibited.  DEPRECATED.

     kSBXProfileNoWrite
             File system writes are prohibited.  DEPRECATED.

     kSBXProfileNoWriteExceptTemporary
             File system writes are restricted to the temporary folder /var/tmp and the
             folder specified by the confstr(3) configuration variable
             _CS_DARWIN_USER_TEMP_DIR.  DEPRECATED.

     kSBXProfilePureComputation
             All operating system services are prohibited.  DEPRECATED.

SEE ALSO
     sandbox-exec(1), sandbox(7), sandboxd(8)

Mac OS X                              March 9, 2017                              Mac OS X