qssb.h (quite simple sandbox)
=============================
qssb.h is a simple header-only library that provides an interface
to sandbox applications on Linux. Using Seccomp and Linux Namespaces for that
purpose requires some knowledge of annoying details which this library
aims to abstract away as much as possible.

Status
======
No release yet, API is unstable.

Features
========
- System call filtering
- Restricting file system access
- Dropping privileges
- Isolating the application from the network, etc.

Requirements
============
Kernel >=3.17

sys/capability.h header. Depending on your system, libcap
might be needed for this.

FAQ
===
Does the process need to be privileged to utilize the library?
----------------------------------------------------------------
No.

It doesn't work on Debian!
--------------------------
You can thank a Debian-specific patch for that. In the future,
the library may check for that. Execute
`echo 1 > /proc/sys/kernel/unprivileged_userns_clone` to disable that
patch for now.

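
The requirements and the Debian restriction described above can be checked before any sandboxing is attempted. The following C program is an added example, not code from qssb.h or its author: it checks the kernel version, reads the Debian sysctl, and probes for user namespace support in a child process. All function names and `NEWUSER_FLAG` are hypothetical.

```c
/* Added example, not part of qssb.h: preflight checks for its requirements. */
#define _GNU_SOURCE
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/utsname.h>
#include <sys/wait.h>
#include <unistd.h>
#define NEWUSER_FLAG 0x10000000 /* CLONE_NEWUSER, as defined in <sched.h> */

/* 1 if a release string such as "5.10.0-8-amd64" is >= 3.17, else 0. */
int kernel_release_ok(const char *release)
{
    int major = 0, minor = 0;
    if (sscanf(release, "%d.%d", &major, &minor) != 2)
        return 0;
    return major > 3 || (major == 3 && minor >= 17);
}

/* Debian sysctl: 1 = allowed, 0 = blocked, -1 = file absent or unparsable. */
int userns_sysctl_state(const char *path)
{
    int v = -1, parsed;
    FILE *f = fopen(path, "r");
    if (!f)
        return -1; /* kernels without the Debian patch lack this file */
    parsed = fscanf(f, "%d", &v) == 1 && v >= 0;
    fclose(f);
    return parsed ? (v > 0) : -1;
}

/* Attempt the unshare in a child so the caller's namespaces stay untouched. */
int userns_probe(void)
{
    int status = 0;
    pid_t pid = fork();
    if (pid == 0)
        _exit(syscall(SYS_unshare, NEWUSER_FLAG) == 0 ? 0 : 1);
    if (pid < 0 || waitpid(pid, &status, 0) != pid)
        return 0;
    return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

int main(void)
{
    struct utsname u;
    if (uname(&u) != 0) return 2;
    printf("kernel>=3.17: %d, sysctl: %d, userns usable: %d\n", kernel_release_ok(u.release),
           userns_sysctl_state("/proc/sys/kernel/unprivileged_userns_clone"), userns_probe());
    return 0;
}
```

A sysctl state of 0 together with a failed probe points at the Debian restriction; a failed probe with state -1 or 1 means something else (for example a container policy) is blocking user namespaces.
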
Documentation
=============
To be written

Examples
========
- qswiki: https://gitea.quitesimple.org/crtxcr/qswiki
- cgit sandboxed: https://gitea.quitesimple.org/crtxcr/cgitsb
- qpdfviewsb sandboxed (quick and dirty): https://gitea.quitesimple.org/crtxcr/qpdfviewsb

Contributing
============
Contributions are very welcome. Options:

1) Pull-Request: github.com/quitesimpleorg/qssb
2) Mail to qssb at quitesimple.org with instructions
on where to pull the changes.
3) Mailing a classic patch.

License
=======
ISC