Hi All,

I hope that everyone is doing well today.

Recently, I have mostly stepped away from Linux, FreeBSD, and Windows OS's to dive into Illumos and its associated OS's (SmartOS, OmniOS, and OpenIndiana) to gain more experience so that I an work on a new Illumos based OS.

For my project direction and in addition to the amazing features that Illumos-based systems have like Zones which are extremely useful, I also have a need for application sandboxes and found that Solaris 11.4 discusses it from what I could find (https://blogs.oracle.com/solaris/post/application-sandboxing-in-oracle-solaris-114)  and (https://docs.oracle.com/cd/E37838_01/html/E61023/dlp-sbox.html) and seem to be built into the OS.

Since I am not yet familiar with the Illumos code-base and am also still new this arena, I wanted to ask if Illumos has an application sandbox feature already.

Additionally, I found that there basically are "Sparse Root Zones (SRZ)" and "Whole Root Zones (WRZ)" as well that basically map various Global-Zone file directories into the non-Global Zone, and it made me wonder about Sandboxes and also perhaps non-global zones that are mapped with even less directories than SRZ.

Anyway, I am just thinking about some ideas for the project but application sandboxes would be extremely useful since I think that they are even smaller than the SRZ zones.

Any thought, ideas or suggestions would be greatly appreciated.

Thanks in advance and have a great day,
Lonnie