Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

sandbox_init(3) [osx man page]

SANDBOX_INIT(3) 					   BSD Library Functions Manual 					   SANDBOX_INIT(3)

NAME

     sandbox_init, sandbox_free_error -- set process sandbox (DEPRECATED)

SYNOPSIS

     #include <sandbox.h>

     int
     sandbox_init(const char *profile, uint64_t flags, char **errorbuf);

     void
     sandbox_free_error(char *errorbuf);

DESCRIPTION

     The sandbox_init() and sandbox_free_error() functions are DEPRECATED.  Developers who wish to sandbox an app should instead adopt the App
     Sandbox feature described in the App Sandbox Design Guide.

     The sandbox_init() function places the current process into a sandbox(7). The NUL-terminated string profile specifies the profile to be used
     to configure the sandbox.	The flags specified are formed by or'ing the following values:

     SANDBOX_NAMED	     The profile argument specifies a sandbox profile named by one of the constants given in the AVAILABLE PROFILES sec-
			     tion below.

     The out parameter *errorbuf will be set according to the error status.

RETURN VALUES

     Upon successful completion of sandbox_init(), a value of 0 is returned and *errorbuf is set to NULL.  In the event of an error, a value of -1
     is returned and *errorbuf is set to a pointer to a NUL-terminated string describing the error.  This string may contain embedded newlines.
     This error information is suitable for developers and is not intended for end users.  This pointer should be passed to sandbox_free_error(3)
     to release the allocated storage when it is no longer needed.

AVAILABLE PROFILES

     The following are brief descriptions of each available profile.  Keep in mind that sandbox(7) restrictions are typically enforced at resource
     acquisition time.

     kSBXProfileNoInternet		TCP/IP networking is prohibited.

     kSBXProfileNoNetwork		All sockets-based networking is prohibited.

     kSBXProfileNoWrite 		File system writes are prohibited.

     kSBXProfileNoWriteExceptTemporary	File system writes are restricted to the temporary folder /var/tmp and the folder specified by the
					confstr(3) configuration variable _CS_DARWIN_USER_TEMP_DIR.

     kSBXProfilePureComputation 	All operating system services are prohibited.

SEE ALSO

     sandbox-exec(1), sandbox(7), sandboxd(8)

Mac OS X							 November 15, 2011							  Mac OS X

Check Out this Related Man Page

RUNKIT_SANDBOX_OUTPUT_HANDLER(3)					 1					  RUNKIT_SANDBOX_OUTPUT_HANDLER(3)

runkit_sandbox_output_handler - Specify a function to capture and/or process output from a runkit sandbox

SYNOPSIS

       mixed runkit_sandbox_output_handler (object  $sandbox, [mixed  $callback])

DESCRIPTION

	Ordinarily,  anything  output  (such  as with echo(3) or print(3)) will be output as though it were printed from the parent's scope. Using
       runkit_sandbox_output_handler(3) however, output generated by the sandbox (including errors), can be captured by a function outside of  the
       sandbox.

       Note

	      Sandbox  support	(required for runkit_lint(3), runkit_lint_file(3), and the Runkit_Sandbox class) is only available as of PHP 5.1.0
	      or specially patched versions of PHP 5.0, and requires that thread safety be enabled. See the README file  included  in  the  runkit
	      package for more information.

       Note

	      Deprecated

	       As  of  runkit version 0.5, this function is deprecated and is scheduled to be removed from the package prior to a 1.0 release. The
	      output handler for a given Runkit_Sandbox instance may be read/set using the array offset syntax shown on the  Runkit_Sandbox  class
	      definition page.

PARAMETERS

	      o $sandbox
		- Object instance of Runkit_Sandbox class on which to set output handling.

	      o $callback
		-  Name of a function which expects one parameter. Output generated by $sandbox will be passed to this callback. Anything returned
		by the callback will be displayed normally. If this parameter is not passed then output handling will not be changed.  If  a  non-
		truth value is passed, output handling will be disabled and will revert to direct display.

RETURN VALUES

	Returns the name of the previously defined output handler callback, or FALSE if no handler was previously defined.

EXAMPLES

       Example #1

	      Feeding output to a variable

	      <?php
	      function capture_output($str) {
		$GLOBALS['sandbox_output'] .= $str;

		return '';
	      }

	      $sandbox_output = '';

	      $php = new Runkit_Sandbox();
	      runkit_sandbox_output_handler($php, 'capture_output');
	      $php->echo("Hello
");
	      $php->eval('var_dump("Excuse me");');
	      $php->die("I lost myself.");
	      unset($php);

	      echo "Sandbox Complete

";
	      echo $sandbox_output;
	      ?>

	      The above example will output:

	      Sandbox Complete

	      Hello
	      string(9) "Excuse me"
	      I lost myself.

PHP Documentation Group 											  RUNKIT_SANDBOX_OUTPUT_HANDLER(3)
Man Page

Featured Tech Videos