User:ScotXW/Sandboxes on Linux
Sandboxes on Linux looks at the different mechanisms there are to implement sandbox on Linux = Linux kernel-based family of operating systems. With regard to the article sandbox being a pile of crap: July 2014 it is hard to document these software project, since we cannot just refer to the article to explain the underlying mechanisms and their merits. I doubt Wikipedia will ever attract good writers... its not the money, its the idiots being around here, and throwing money at it, will not help. Best follow Helmuth von Moltke the Elder advise and send them far far away...
- I think User:ScotXW/Virtualization introduced sandboxes and containers. If there is a difference between a sandbox and a container, I guess sandbox = for 1 application, container = for n applications. Sandbox was originally only for security, but nothing speaks against applying resource management to it.
- Linux Security Modules
- Capsicum: originally proposed 2010 at USENIX Security Symposium in a paper named "Capsicum: practical capabilities for UNIX" by Robert N. M. Watson (CL, University of Cambridge) Jonathan Anderson (CL, University of Cambridge) Ben Laurie (Google UK Ltd.) Kris Kennaway (Google UK Ltd.)[2] As the name sugggest it targets UNIX® (not "unix-like" or Ronald MacDonald). An implementation was written for FreeBSD and mainlined there in 9.0.[3] This could make Capsicum available in the PlayStation 4 system software, which was forked from FreeBSD 9.0. In July 2014, some people proposed to do Capsicum for the Linux kernel.[4]
2010 – Capsicum: Practical Capabilities for UNIX on YouTube FOSDEM 2014: Capsicum - kdbus/cgroups/systemd – Lennart Poettering et al. have been working on a Sandbox/Container based on these Linux kernel components. As of July 2014 kdbus is ready, but still waits to be accepted into Linux kernel mainline. This solution should give security AND resource management. Something klik-like could augment .deb and .rpm; by abandoning shared libraries, this could solve the problem of a missing widely-adopted Linux ABI and the not free enough problem. Abandoning "share libraries" removes test cases from them, this is bad, but maybe having to package the same software is more bad. Rigs of Rods is still not in the Debian repos. So we either make Linux people compile it, or serve klick-like packages to download next to the Window-install-package free for download.
- seccomp – mainlined 2.6.12 2005-03-08
Comparison
| OS | Techinque | LoC | FS | IPC | NET | S≠S' | Priv | |
|---|---|---|---|---|---|---|---|---|
| Windows | DAC ACLs | 22,350 | △ | △ |  |
|
 |
Windows ACLs and SIDs |
| Linux | chroot | 22,350 | |
|
|
|
|
SUID-root sandbox helper |
| SELinux | 22,350 | |
△ | |
|
|
Type Enforcement sandbox domain | |
| seccomp | 22,350 | △ | |
|
|
|
seccomp and userspace syscall wrapper | |
| OS X | Sandbox | 260 | |
△ | |
|
|
Seatbelt? Path-based MAC sandbox |
| FreeBSD | Capsicum | 100 | |
|
|
|
|
Capsicum sandboxing using cap_enter |
- ^ "Understanding the Access Control Model for Tizen Application Sandboxing". Archived from the original (PDF) on 2012-09-12.
- ^ "Capsicum: practical capabilities for UNIX" (PDF). 2010.
- ^ "Capsicum: practical capabilities for UNIX". LWN.net. 2012-02-22.
- ^ "Capsicum in the Linux kernel". LWN.net. 2014-07-01.