Skip to content

Pardus-Linux/catbox

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

141 Commits
bin
bin
 
 
debian
debian
 
 
src
src
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
.travis.yml
.travis.yml
 
 
COPYING
COPYING
 
 
MANIFEST.in
MANIFEST.in
 
 
Makefile
Makefile
 
 
OKUBENİ
OKUBENİ
 
 
README
README
 
 
TODO
TODO
 
 
setup.py
setup.py
 
 

Repository files navigation

Sandbox is a mechanism which provides a tighly-controlled set of resources
for guest programs to run in. They are used for security and testing purposes.

There are many uses for a sandbox in package management:

1. In the build process, we dont want packages to modify host operating
system while they are configuring or compiling. We want them to be
constrained in their temporary build directory. Denying the write
operations outside of this directory is most basic application of
a sandbox here.

2. Instead of actually doing some operations like changing permission or
ownership of files, we can just log them, and mark in the generated package.
That way we dont need to be a root user in order to build a package with
such properties.

3. We can log many build operations, and analyze them to see actual
build dependencies of the package for example.

4. We can build package in a temporary directory, but let it think that
in runs in root directory with everything out there is read only mapped
inside. That can greatly simplify build scripts.

There are two ways to sandbox a build script within user context without
resorting to special kernel modules:

1. We can override functions of glibc with LD_PRELOAD. Since this requires
executing the script inside a new shell, passing Python variables between
builder and scripts is hacky and cumbersome.

2. We can intercept system calls with kernel ptrace interface.

We decided to go with the latter way. There is already a good ptrace
sandbox framework for Python, called Subterfugue. Apart from a small
C binding for ptrace call, it is completely written in Python.
Unfortunately dealing with each system call with Python is quite
slow for a build farm. There are over a thousand packages, and
some of them like OpenOffice.org or kdebase takes a huge time to
compile even on high end computers.

Thus we wrote catbox, a small sandboxing module for PiSi (the package
manager for Pardus Linux). It is completely written in C, and it wont
provide custom system call hooks or advanced modifications to the
guest environment like Subterfugue.

Although, catbox started as a sandboxing module for PiSi, it is now a
more generic sandbox module that can be used generically.

Event Hooks:

* child_initialized(pid): Event hook is called on parent process but
  after child is initialized to be traced and before parent notifies
  child to continue. Pid of the child process is given as the only
  argument. (available in version 1.4+)

* child_died_unexpectedly(pid): Event hook is called when we got a
  signal/event from a child but the child was already dead. Pid of the
  child process is given as the only argument. (available in version
  1.4+)


Dependencies:

* pcre (OPTIONAL): If enabled path can be defined with regular
  expressions. Just append --enable-pcre to the setup.py command.

* Testify: (https://github.com/Yelp/Testify) Testify is used for
  unittests only.

About

Sandbox implementation for Pisi

Resources

Readme

License

GPL-2.0 license
Activity
Custom properties

Stars

3 stars

Watchers

10 watching

Forks

9 forks
Report repository

Releases

2 tags

Packages

No packages published

Contributors 7

Languages