{ "info": { "author": null, "author_email": null, "bugtrack_url": null, "classifiers": [], "description": "============================================================================\nsandboxlib: a lightweight library for running programs/commands in a sandbox\n============================================================================\n\nThis project is a total work in progress, no documentation yet.\n\nIt is being developed as part of the Baserock_ project.\n\nThe goal of this library is to provide the sandboxing functionality that is\nalready present in the build tools Morph_ and YBD_. We want this new library\nto be usable without depending on linux-user-chroot_, so that it can be used\non Mac OS X, and hopefully other platforms too.\n\nA longer term goal is to become a useful, generic, cross-platform tool for\nrunning commands in an environment that is partially isolated from the host\nsystem in some way.\n\nThe library is implemented in Python currently. This is mostly because it is\nan adaptation of existing Python code, not because of any desire to exclude\nother languages. Maybe we could rewrite it as a C library with Python bindings.\n\nSANDBOXLIB DOES NOT GUARANTEE YOU ANY KIND OF SECURITY. Its main purpose is\nfor isolating software builds from the host system, to ensure that builds\nare not contacting the network, or reading or writing files outside the build\nenvironment.\n\n.. _Baserock: http://www.baserock.org/\n.. _Morph: http://wiki.baserock.org/Morph/\n.. _YBD: https://github.com/devcurmudgeon/ybd/\n.. _linux-user-chroot: https://git.gnome.org/browse/linux-user-chroot/tree/\n\nCurrent backends\n================\n\n- chroot: any POSIX OS, requires 'root' priviliges\n- linux-user-chroot_: Linux-only, does not require 'root', requires\n ``linux-user-chroot`` to be installed and setuid root\n\nPossible future backends\n========================\n\n- `Security Enhanced Linux`_ (SELinux): see https://danwalsh.livejournal.com/28545.html\n- systemd-nspawn_\n\n.. _Security Enhanced Linux: http://selinuxproject.org/page/Main_Page\n.. _systemd-nspawn: http://www.freedesktop.org/software/systemd/man/systemd-nspawn.html\n\nRelationship to other projects\n==============================\n\nSandboxing\n----------\n\nlibsandbox / pysandbox\n~~~~~~~~~~~~~~~~~~~~~~\n\nThe libsandbox_ library is a Linux-specific implementation of process\nsandboxing, which supports intercepting syscalls, calling setrlimit(),\nand dropping certain privileges.\n\n.. _libsandbox: https://github.com/openjudge/sandbox\n\nPRoot\n~~~~~\n\nThe PRoot_ tool provids features similar to linux-user-chroot_, plus some\nextra code to allow running programs for a different architecture using\nvirtualisation. The PRoot tool is `discontinued `_.\n\n.. _PRoot: http://proot.me/\n\nSandstorm.io\n~~~~~~~~~~~~\n\nSandstorm.io_ aims to be a platform for running web applications on shared\ninfrastructure, with individual users in mind.\n\nIt uses the 'namespaces' feature of Linux. See\nhttps://github.com/sandstorm-io/sandstorm for more information.\n\nSandstorm.io_ is for a specific use case of web application sandboxing, so it\ndoesn't make sense for sandboxlib to wrap it. Use it directly if it suits your\npurpose!\n\n.. _Sandstorm.io: https://sandstorm.io/\n\nseccomp\n~~~~~~~\n\nThe Linux kernel provides the seccomp_ syscall, which can be used in two ways.\n\nThe ``SECCOMP_SET_MODE_STRICT`` operation creates a very restrictive but secure\nsandbox. Most programs wouldn't work in this sandbox, but it does have some uses.\nIt is `used by Google Chrome\n`_,\namong other things.\n\nThe ``SECCOMP_SET_MODE_FILTER`` operation allows blacklisting certain system\ncalls. This can be done in such a way that most existing programs work, but\ncertain obvious security holes in a sandbox are closed (for example, the\nkexec() system call).\n\n.. _seccomp: http://man7.org/linux/man-pages/man2/seccomp.2.html\n\nxdg-app (GNOME Application Sandboxing)\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nThe xdg-app_ project started from a desire in the GNOME_ desktop project to\nallow running 3rd-party applications with some isolation from the host system.\nMobile platforms like Android and iOS have been doing this for some time\nalready.\n\nIt implements sandboxing mainly using the 'namespaces' feature of Linux. Find\nout more about `the project `_\nand `how the sandboxing is implemented\n`_.\n\nxdg-app_ is for a specific use case of desktop application sandboxing, so it\ndoesn't make sense for sandboxlib to wrap it. Use it directly if it suits your\npurpose!\n\n.. _GNOME: https://www.gnome.org/\n.. _xdg-app: https://github.com/alexlarsson/xdg-app\n\nFurther reading\n~~~~~~~~~~~~~~~\n\n- `Sandboxing for multi-tenant applications `_ (archived)\n- `StackOverflow question \"Run an untrusted C program in a sandbox in Linux that prevents it from opening files, forking, etc.? `_\n- `StackOverflow question \"How to \"jail\" a process without being root? `_\n\nContainerisation\n----------------\n\nThere is a lot of overlap between the topics of 'containerisation' and\n'sandboxing'. Many tools that work with 'containers' expect that containers\nare long-lived things, where the 'sandboxlib' library treats a sandbox as a\nmuch more lightweight, temporary thing.\n\nApp Container spec\n~~~~~~~~~~~~~~~~~~\n\nI have been using the `App Container spec`_ as a reference during development.\nThe scope of 'sandboxlib' is different to that of the App Container spec:\n'sandboxlib' only deals with a single, isolated sandbox (which may or may\nnot be a 'container'), where the App Container spec is focused on multiple\ncontainers. However, 'sandboxlib' would be a useful building block for\nimplementing a complete App Container runtime, and simple App Container images\n(.acis) should be runnable with the ``run-sandbox`` tool directly.\n\n.. _App Container spec: https://github.com/appc/spec/\n\nClear Containers\n~~~~~~~~~~~~~~~~\n\nIntel_ are producing a Linux distribution named `Clear Linux\n`_, as part of a project to develop what they call\n`Clear Containers `_. The idea is to make\nvirtualisation with QEMU_ fast enough and convenient enough to compete with\ncurrent containerisation software. All current containerisation systems use\nkernel namespacing, which provide a much weaker security barrier than full\nvirtualisation.\n\nThe implementation depends on Linux's KVM_ feature, plus patched versions of\nQEMU_ and Linux.\n\n.. _Intel: http://www.intel.com/\n.. _KVM: http://www.linux-kvm.org/page/Main_Page\n.. _QEMU: https://en.wikipedia.org/wiki/QEMU\n\nDocker\n~~~~~~\n\nDocker_ allows managing multiple prebuilt container systems. While it `can\nsupport multiple platform-specific backends `_\nfor running containers, I am only aware of Linux-specific backends at the time\nof writing.\n\n.. _Docker: https://www.docker.io/\n\nschroot\n~~~~~~~\n\nThe use case for the schroot_ tool is 'I want to define a contained\nenvironment once, and use it many times.' The 'sandboxlib' library is more\nabout dynamically creating sandboxes. If schroot_ suits your needs, just\nuse it directly without any abstraction layer.\n\n.. _schroot: https://launchpad.net/schroot\n\nPython-specific Sandboxing\n--------------------------\n\nThe 'sandboxlib' library is for sandboxing *any* program, at the operating\nsystem level.\n\nIf you want to do language-level sandboxing (i.e. run untrusted Python code\nwithin a larger Python program), there are some ways to do it.\n\nThe concensus seems to be that Python language-level sandboxing is pretty much\nimpossible with the default 'cpython' Python runtime:\n\n- https://mail.python.org/pipermail/python-dev/2013-November/130132.html\n- https://programmers.stackexchange.com/questions/191623/best-practices-for-execution-of-untrusted-code\n\nHowever, other Python runtimes do support language-level sandboxing. PyPy_ is one:\n\n- https://pypy.readthedocs.org/en/latest/sandbox.html\n\n.. _PyPy: http://www.pypy.org/\n\nBuild tools\n-----------\n\nBazel\n~~~~~\n\nThe Bazel_ build tool contains a `Linux-specific sandbox implementation\n`_.\n\n.. _Bazel: http://bazel.io/\n\nMorph\n~~~~~\n\nThe Morph_ build tool (from Baserock_) is the original source of the\n'sandboxlib' linux_user_chroot backend. Hopefully Morph will adopt the\n'sandboxlib' library in future.\n\nYBD\n~~~\n\nThe YBD_ build tool (from Baserock_) `triggered the creation of the\n'sandboxlib' library `_.\n\nLicense\n-------\n\nLicense is GPLv2 but other licensing can be considered on request\n\nMost of the copyright is currently Codethink but don't let that put you off.\nThere's no intent to keep this as a Codethink-only project, nor will there be\nany attempt to get folks to sign a contributor agreement. Contributors retain\ntheir own copyright.", "description_content_type": null, "docs_url": null, "download_url": null, "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": null, "keywords": null, "license": "GPL2", "maintainer": null, "maintainer_email": null, "name": "sandboxlib", "package_url": "https://pypi.org/project/sandboxlib/", "platform": "UNKNOWN", "project_url": "https://pypi.org/project/sandboxlib/", "project_urls": null, "release_url": "https://pypi.org/project/sandboxlib/0.3.1/", "requires_dist": null, "requires_python": null, "summary": "Sandboxing Library for Python", "version": "0.3.1" }, "last_serial": 2315924, "releases": { "0.1.0.dev28": [ { "comment_text": "", "digests": { "md5": "866109d4a95d3c7ca7da43735baaf621", "sha256": "250155e71b5deb4ffd3a07a0ef50fbe3ad281f50799f19877fa86b9ac23acbcb" }, "downloads": -1, "filename": "sandboxlib-0.1.0.dev28.tar.gz", "has_sig": false, "md5_digest": "866109d4a95d3c7ca7da43735baaf621", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 18001, "upload_time": "2015-06-04T13:24:28", "url": "https://files.pythonhosted.org/packages/7d/7a/709f9f3b5cf106da0667548e9caa7acb06b93409c72a03c28c536eeffb1e/sandboxlib-0.1.0.dev28.tar.gz" } ], "0.1.1": [ { "comment_text": "", "digests": { "md5": "de3abf0556b1d048b252ac3a0126cc20", "sha256": "db43bfea676087e6e7aaf64f22847b9377650e8fe1a4e7d1ef51635b39664b18" }, "downloads": -1, "filename": "sandboxlib-0.1.1.tar.gz", "has_sig": false, "md5_digest": "de3abf0556b1d048b252ac3a0126cc20", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 18819, "upload_time": "2015-06-04T15:08:25", "url": "https://files.pythonhosted.org/packages/7a/11/d38a6fc02db49253a0053e16717b5c0b9be88d2306f6d37a8683fd10f1c4/sandboxlib-0.1.1.tar.gz" } ], "0.3.0": [ { "comment_text": "", "digests": { "md5": "698f70c01776008acfe3c02a3ab62e4d", "sha256": "3040261e19eb3fe3f228a62ffd6ca7f8a86460ec2b58efc8f9fc23a15632162a" }, "downloads": -1, "filename": "sandboxlib-0.3.0.tar.gz", "has_sig": false, "md5_digest": "698f70c01776008acfe3c02a3ab62e4d", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 20213, "upload_time": "2015-06-09T14:31:19", "url": "https://files.pythonhosted.org/packages/48/d0/38b287c4c99aba62981417cf75f5e8eb4dc4e4c41293aad6e9a61c9b5d8f/sandboxlib-0.3.0.tar.gz" } ], "0.3.1": [ { "comment_text": "", "digests": { "md5": "8e5f0c7b9ad3f267606ea97912eb9bcb", "sha256": "3090d56123b1e1dc5245b1ab21a49fb86dd7c6d18e4d7c599f0d537f17445233" }, "downloads": -1, "filename": "sandboxlib-0.3.1.tar.gz", "has_sig": false, "md5_digest": "8e5f0c7b9ad3f267606ea97912eb9bcb", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 21796, "upload_time": "2015-06-17T13:18:31", "url": "https://files.pythonhosted.org/packages/1d/c4/22af935cbd4f54859a8e359d81e04d724e94b558447e70b13befdc68946c/sandboxlib-0.3.1.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "8e5f0c7b9ad3f267606ea97912eb9bcb", "sha256": "3090d56123b1e1dc5245b1ab21a49fb86dd7c6d18e4d7c599f0d537f17445233" }, "downloads": -1, "filename": "sandboxlib-0.3.1.tar.gz", "has_sig": false, "md5_digest": "8e5f0c7b9ad3f267606ea97912eb9bcb", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 21796, "upload_time": "2015-06-17T13:18:31", "url": "https://files.pythonhosted.org/packages/1d/c4/22af935cbd4f54859a8e359d81e04d724e94b558447e70b13befdc68946c/sandboxlib-0.3.1.tar.gz" } ] }