Full Discussion: Sandboxing
Post 302965396 by jim mcnamara on Thursday 28th of January 2016 11:23:50 AM
The reason this is not feasible is that the "API" or syscall responsible for connecting to the internet is open(). I'm not sure that a restricted shell will help with this. I hope jgt will chime in on this....

TCP sockets are treated as files by the OS. Of course the drivers are totally different. The reason iptables "works" is because it intercepts traffic at a very low level. The -j DROP will just disconnect any TCP request, based on using the -A chain specification OPEN.
 
getcontext(2)                    System Calls Manual                    getcontext(2)

NAME
getcontext(), setcontext() - get and set current user context

SYNOPSIS
Deprecated Deprecated

DESCRIPTION
The function initializes the structure pointed to by ucp to the current user context of the calling process. The ucontext_t type that ucp points to defines the user context and includes the contents of the calling process' machine registers, the signal mask, and the current execution stack.

The function restores the user context pointed to by ucp. A successful call to does not return; program execution resumes at the point specified by the ucp argument passed to The ucp argument should be created either by a prior call to or by being passed as an argument to a signal handler. If the ucp argument was created with program execution continues as if the corresponding call of had just returned. If the ucp argument was created with program execution continues with the function passed to When that function returns, the process continues as if after a call to with the ucp argument that was input to If the ucp argument was passed to a signal handler, program execution continues with the program instruction following the instruction interrupted by the signal. If the uc_link member of the structure pointed to by the ucp argument is equal to 0, then this context is the main context, and the process will exit when this context returns. The effects of passing a ucp argument obtained from any other source are unspecified.

RETURN VALUE
On successful completion, does not return and returns 0. Otherwise, a value of -1 is returned.

WARNINGS
and are deprecated and should be used only by legacy applications. Context APIs are not recommended due to possible compatibility problems from release to release, because context APIs are very architecture-specific. The context APIs "expose" the architecture to the application, such that the application may not be compatible with all releases. If you must use context APIs, be aware of the following:

o Do not copy the context yourself. It is not contiguous. The context may have pointers that may point back to the original context rather than in the copied context; hence, it will be broken.
o The size of the context will vary in length from release to release.

ERRORS
No errors are defined.

APPLICATION USAGE
When a signal handler is executed, the current user context is saved and a new context is created. If the process leaves the signal handler via then it is unspecified whether the context at the time of the corresponding call is restored and thus whether future calls to will provide an accurate representation of the current context, since the context restored by may not contain all the information that requires. Signal handlers should use or instead.

Portable applications should not modify or access the uc_mcontext member of ucontext_t. A portable application cannot assume that context includes any process-wide static data, possibly including Users manipulating contexts should take care to handle these explicitly when required.

SEE ALSO
makecontext(2), sigaction(2), sigaltstack(2), sigprocmask(2), setjmp(3C), sigsetjmp(3C), <ucontext.h>.

Deprecated                                                              getcontext(2)