Log in

No account? Create an account

Previous Entry Share Flag Next Entry
Whats new with Sandbox in Fedora 12?
Every time I demonstrate sandbox to some one, they say, "That's great, but can it do X, Y and Z?" 

I have taken those suggestions along with some great patches from Josh Cogliati, I have updated the sandbox tool.

New Features:

> man sandbox

SANDBOX(8)                       User Commands                      SANDBOX(8)

       sandbox - Run cmd under an SELinux sandbox

       sandbox  [-l level ] [[-M | -X]  -H homedir -T tmpdir ] [-I includefile
       ] [[-i file ]...] [ -t type ] cmd
       -M     Create a Sandbox  with  temporary  files  for  $HOME  and  /tmp,
              defaults to sandbox_t

       -H homedir
              Use alternate homedir to mount.  Defaults to temporary. Requires
              -X or -M.

       -T tmpdir
              Use alternate tempdir to mount.  Defaults to temporary. Requires
              -X or -M.

      -l     Specify the MLS/MCS  Security  Level  to  run  the  sandbox  in.
              Defaults to random.

Several people asked for a permanent Homedir and tmpdir, rather then blowing it away when you exit.  We added -H and -T qualifiers to allow you to specify a homedir and/or tmpdir that sandbox will use and leave in tact when it completes.

For example you can use

mkdir /tmp/myweb ~/myweb
sandbox -X -T /tmp/myweb -H ~/myweb -t sandbox_web_t firefox danwalsh.livejournal.com

Then you can download any content, setup bookmarks ... and the sandbox will not remove them when you are done.   If you later run a command with the same sandbox homedir and tmpdir, the content will be there. 

sandbox -X -T /tmp/myweb -H ~/myweb -t sandbox_web_t firefox danwalsh.livejournal.com

You could use similar sandbox commands for games, you could use sandbox to stop any rogue game from attacking your system, but be able to save your levels.

Note: You would not be able to run two sanbox at the same time with the same homedir.  Unless ....  Read on.

I met Stephen  Smoogen at the Fedora Summit and he asked if we could use sandbox with MLS environments.  
I added a -l option to sandbox which allows you to select the MCS/MLS level you wish to run at. 

sandbox -X -l TopSecret ooffice ~/MySecrets.odf

Should work on an MLS X Station.  This would run a X Session at TopSecret running openoffice on a copy of MySecrets.odf.

If you combine this with selection of levels, you can start to do stuff like

mkdir ~/homedir_TopSecret /tmp/tmp_TopSecret
chcon -t TopSecret ~/homedir_TopSecret /tmp/tmp_TopSecret
sandbox -X -l TopSecret -H ~/homedir_TopSecret -I /tmp/tmp_TopSecret xterm

And now you are running an xterm at TopSecret on permanent files that are TopSecret.   I actually like this better then Xace, but that is for another blog.

Note:  Fedora 12 has not been certified for LSPP, but you should be able to run MLS policy on it.

MLS is not required, you can also specify an MCS domain and the tool will still work,  This allows you to run two sandboxes at the same time with the same homedir/tmpdir.

Finally we added the -M which allow non -X sandboxes to run with temporary or permanent storage.

Depending on the sandbox's you might have to add more privs to the SELinux types in order to get them to work.  For example, I think we need a sandbox_games_t type.  Anyone want to take a stab.


Will get you started.

Now if we could only get re-sizable Xephyr, or at least allow the user to specify the sandbox X window size.