hasufell
/
etc-gentoo
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
932 Commits
1 Branch
8.5 MiB
 
 
 
 
 
 
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
etc-gentoo/sandbox.conf

73 lines
2.2 KiB
Raw Permalink Blame History 

  1. # Sandbox main configuration file

  2. 

  3. # Note that configuration parser is fairly basic, so try to keep things simple.

  4. 

  5. #

  6. # BASIC Section

  7. #

  8. 

  9. # Basic sandbox configuration. Sandbox will use values here if not already set

  10. # in the environment.  Assignment works like bash variable assignment (ie, last

  11. # value assigned to the variable is used).

  12. 

  13. # SANDBOX_VERBOSE

  14. #

  15. #  Determine if sandbox print access violations, or if debugging is enabled,

  16. #  it will also print allowed operations.  Default is "yes"

  17. #SANDBOX_VERBOSE="yes"

  18. 

  19. # SANDBOX_DEBUG

  20. #

  21. #  In addition to the normal log, a debug log is also written containing all

  22. #  operations caught by sandbox.  Default is "no"

  23. #SANDBOX_DEBUG="no"

  24. 

  25. # NOCOLOR

  26. #

  27. #  Determine the use of color in the output.  Default is "false" (ie, use color)

  28. #NOCOLOR="false"

  29. 

  30. 

  31. #

  32. # ACCESS Section

  33. #

  34. 

  35. # The next section contain rules for access.  It works a bit different from the

  36. # previous section in that values assigned to variables stack.  Also since these

  37. # do NOT get overridded by values already set in the environment, but rather

  38. # those get added.

  39. #

  40. # If you want values that only get set if one of the variables are not already

  41. # present in the environment, place a file in /etc/sandbox.d/ (replace /etc

  42. # with what sysconfdir was configured to).

  43. #

  44. # Another difference from above, is that these support simple variable name

  45. # substitution.  Variable names must be in the form of '${variable}' (without

  46. # the '').  It is very basic, so no command substitution, etc is supported.

  47. #

  48. # The values consists of the respective paths seperated by a colon (:)

  49. #

  50. # SANDBOX_DENY - all access to respective paths are denied

  51. #

  52. # SANDBOX_READ - can read respective paths

  53. #

  54. # SANDBOX_WRITE - can write to respective paths

  55. #

  56. # SANDBOX_PREDICT - respective paths are not writable, but no access violation

  57. #                   will be issued in the case of a write

  58. #

  59. 

  60. # Needed for stdout, stdin and stderr

  61. SANDBOX_WRITE="/dev/fd:/proc/self/fd"

  62. # Common device nodes

  63. SANDBOX_WRITE="/dev/zero:/dev/null:/dev/full"

  64. # Console device nodes

  65. SANDBOX_WRITE="/dev/console:/dev/tty:/dev/vc/:/dev/pty:/dev/tts"

  66. # Device filesystems

  67. SANDBOX_WRITE="/dev/pts/:/dev/shm"

  68. # Tempory storage

  69. SANDBOX_WRITE="/tmp/:/var/tmp/"

  70. # Needed for shells

  71. SANDBOX_WRITE="${HOME}/.bash_history"