exile.h/README.md

qssb.h (quite simple sandbox)
=============================
qssb.h is a simple header only library that provides an interface
to sandbox applications on Linux. Using Seccomp and Linux Namespaces for that
purpose requires some knowledge of annoying details which this library
aims to abstract away as much as possible.

Status
======
No release yet, API is unstable.

Features
========
  - Systemcall filtering
  - restricting file system access
  - dropping privileges 
  - isolating the application from the network, etc.

Requirements
============
Kernel >=3.17
sys/capabilities.h header. Depending on your system, libcap
might be needed for this.


FAQ
===

Does the process need to be priviliged to utilize the library?
----------------------------------------------------------------
No.

It doesn't work on Debian!
--------------------------
You can thank a Debian-specific patch for that. In the future,
the library may check against that. Execute
echo 1 > /proc/sys/kernel/unprivileged_userns_clone to disable that
patch for now.

Documentation
=============
To be written

Examples
========
  - qswiki: https://gitea.quitesimple.org/crtxcr/qswiki
  - cgit sandboxed: https://gitea.quitesimple.org/crtxcr/cgitsb
  - qpdfviewsb sandboxed (quick and dirty): https://gitea.quitesimple.org/crtxcr/qpdfviewsb


Contributing
============
Contributions are very welcome. Options: 
1) Pull-Request: github.com/quitesimpleorg/qssb 
2) Mail to qssb at quitesimple.org with instructions
on where to pull the changes.
3) Mailing a classic patch.

License
=======
ISC
updated README 2019-11-15 21:53:26 +01:00			`qssb.h (quite simple sandbox)`
			`=============================`
			`qssb.h is a simple header only library that provides an interface`
Update README.md: Update example projects links, minor improvements 2020-09-26 17:21:28 +02:00			`to sandbox applications on Linux. Using Seccomp and Linux Namespaces for that`
updated README 2019-11-15 21:53:26 +01:00			`purpose requires some knowledge of annoying details which this library`
			`aims to abstract away as much as possible.`
Initial commit 2019-10-13 17:57:12 +02:00
updated README 2019-11-15 21:53:26 +01:00			`Status`
			`======`
			`No release yet, API is unstable.`
Initial commit 2019-10-13 17:57:12 +02:00
			`Features`
			`========`
Update README.md: Update example projects links, minor improvements 2020-09-26 17:21:28 +02:00			`- Systemcall filtering`
			`- restricting file system access`
			`- dropping privileges`
			`- isolating the application from the network, etc.`
Initial commit 2019-10-13 17:57:12 +02:00
			`Requirements`
			`============`
updated README 2019-11-15 21:53:26 +01:00			`Kernel >=3.17`
			`sys/capabilities.h header. Depending on your system, libcap`
			`might be needed for this.`
Initial commit 2019-10-13 17:57:12 +02:00
updated README 2019-11-15 21:53:26 +01:00

			`FAQ`
			`===`

			`Does the process need to be priviliged to utilize the library?`
			`----------------------------------------------------------------`
			`No.`

			`It doesn't work on Debian!`
			`--------------------------`
			`You can thank a Debian-specific patch for that. In the future,`
			`the library may check against that. Execute`
			`echo 1 > /proc/sys/kernel/unprivileged_userns_clone to disable that`
			`patch for now.`
Initial commit 2019-10-13 17:57:12 +02:00
			`Documentation`
			`=============`
			`To be written`

			`Examples`
			`========`
Update README.md: Update example projects links, minor improvements 2020-09-26 17:21:28 +02:00			`- qswiki: https://gitea.quitesimple.org/crtxcr/qswiki`
			`- cgit sandboxed: https://gitea.quitesimple.org/crtxcr/cgitsb`
			`- qpdfviewsb sandboxed (quick and dirty): https://gitea.quitesimple.org/crtxcr/qpdfviewsb`
Initial commit 2019-10-13 17:57:12 +02:00

			`Contributing`
			`============`
updated README 2019-11-15 21:53:26 +01:00			`Contributions are very welcome. Options:`
Initial commit 2019-10-13 17:57:12 +02:00			`1) Pull-Request: github.com/quitesimpleorg/qssb`
			`2) Mail to qssb at quitesimple.org with instructions`
			`on where to pull the changes.`
			`3) Mailing a classic patch.`

			`License`
			`=======`
			`ISC`