From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from tb-mx0.topicbox.com (localhost.local [127.0.0.1]) by tb-mx0.topicbox.com (Postfix) with ESMTP id B4F411EAD432 for ; Thu, 11 Jul 2024 19:59:33 -0400 (EDT) (envelope-from lonnie@outstep.com) Received: from tb-mx0.topicbox.com (localhost [127.0.0.1]) by tb-mx0.topicbox.com (Authentication Milter) with ESMTP id B82E6316D49; Thu, 11 Jul 2024 19:59:33 -0400 ARC-Seal: i=1; a=rsa-sha256; cv=none; d=topicbox.com; s=arcseal; t= 1720742373; b=ZOIhVyNalHPCo2R0tdmisBoWVcvNY+2/SnDgXlQdR5ojlZpPf6 ybYo+cZyBNYF2Zvjt2O3pPIWEFsIaDDzKS8oSh+0QmssGOzfF1ERRlJxbwzo/55n 0hlO2uPoo90IItbYbqN2oPDP6Gwr7xy409Hh0RgAB1vfyPpyfaIAFscJUzK3jqYo fwhVsRlu68eU1VoyfVaMJACVXGxxgQ8W1hXYmgBIZ6KbaXckSJ/rMNBh+gSUxMEW lqNxSqHE1Lk/G5n+3tbMIqR1GmGZOoSxipd56q/LiO64Wk1vqYCizstr3hUECfFa Pu004SCBd4Y2Ya8cRHPb19fn8SqJeKheWNfg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d= topicbox.com; h=content-type:message-id:date:mime-version:to :from:subject; s=arcseal; t=1720742373; bh=4XJVkQcFh4a5J4mq1910K 5NBkcJ+XwCgas1h9OhK+Ec=; b=yN/t6xWUr1M0oiZEP/HZTNqXMgnhcm59WoLUU pvF/X2XJ6inbhOh8XP3dBtif1lL040sP8ip95fNQZwCLAJulP6KGzgBxKWJRsJ1H wXbkXB0WGmmScH2uBQjZaWdTYuHWkfrupz6k4EkJ6Y5lwrjv6koY6dHuTuTMjwny AiY3y5N0H2DDia42KlZk66Xd0k/ZI630Xuzvgd+hcak6bR2o9tpgtRQ6sXmtiGxH OJ3Cbs7BOxKZX3RtQBh16/tzvtKNifWFiXIWkFvXARGLUlc5/ZZkmvWyItSmF4Tx 0kJJDUi1HNApDooL3tnLlDGoGeVoTJo1h6FPIhL06cCOaELeA== ARC-Authentication-Results: i=1; tb-mx0.topicbox.com; arc=none (no signatures found); bimi=none (No BIMI records found); dkim=pass (2048-bit rsa key sha256) header.d=outstep.com header.i=@outstep.com header.b=cFHkuFpk header.a=rsa-sha256 header.s=dkim x-bits=2048; dmarc=pass policy.published-domain-policy=reject policy.applied-disposition=none policy.evaluated-disposition=none (p=reject,d=none,d.eval=none) policy.policy-from=p header.from=outstep.com; iprev=pass smtp.remote-ip=213.136.84.29 (mail.outstep.net); spf=pass smtp.mailfrom=lonnie@outstep.com smtp.helo=mail.outstep.net; x-aligned-from=pass (Address match); x-me-sender=none; x-ptr=pass smtp.helo=mail.outstep.net policy.ptr=mail.outstep.net; x-return-mx=pass header.domain=outstep.com policy.is_org=yes (MX Records found: mail.outstep.net); x-return-mx=pass smtp.domain=outstep.com policy.is_org=yes (MX Records found: mail.outstep.net); x-tls=pass smtp.version=TLSv1.2 smtp.cipher=ECDHE-RSA-AES256-GCM-SHA384 smtp.bits=256/256; x-vs=clean score=0 state=0 Authentication-Results: tb-mx0.topicbox.com; arc=none (no signatures found); bimi=none (No BIMI records found); dkim=pass (2048-bit rsa key sha256) header.d=outstep.com header.i=@outstep.com header.b=cFHkuFpk header.a=rsa-sha256 header.s=dkim x-bits=2048; dmarc=pass policy.published-domain-policy=reject policy.applied-disposition=none policy.evaluated-disposition=none (p=reject,d=none,d.eval=none) policy.policy-from=p header.from=outstep.com; iprev=pass smtp.remote-ip=213.136.84.29 (mail.outstep.net); spf=pass smtp.mailfrom=lonnie@outstep.com smtp.helo=mail.outstep.net; x-aligned-from=pass (Address match); x-me-sender=none; x-ptr=pass smtp.helo=mail.outstep.net policy.ptr=mail.outstep.net; x-return-mx=pass header.domain=outstep.com policy.is_org=yes (MX Records found: mail.outstep.net); x-return-mx=pass smtp.domain=outstep.com policy.is_org=yes (MX Records found: mail.outstep.net); x-tls=pass smtp.version=TLSv1.2 smtp.cipher=ECDHE-RSA-AES256-GCM-SHA384 smtp.bits=256/256; x-vs=clean score=0 state=0 X-ME-VSCause: gggruggvucftvghtrhhoucdtuddrgeeftddrfeehgdeftdcutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpggftfghnshhusghstghrihgsvgdpuffr tefokffrpgfnqfghnecuuegrihhlohhuthemuceftddtnecunecujfgurheptgfkffggfg fvhffusegrtderredtvdejnecuhfhrohhmpefnohhnnhhivgcuvehumhgsvghrlhgrnhgu uceolhhonhhnihgvsehouhhtshhtvghprdgtohhmqeenucggtffrrghtthgvrhhnpeette dttdejtefhleevgffggfeijeehudfgiedtveeujeefgfefieefvdehkedtvdenucffohhm rghinhepohhrrggtlhgvrdgtohhmnecukfhppedvudefrddufeeirdekgedrvdelnecuve hluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehinhgvthepvddufedrudefiedrkeeg rddvledphhgvlhhopehmrghilhdrohhuthhsthgvphdrnhgvthdpmhgrihhlfhhrohhmpe eolhhonhhnihgvsehouhhtshhtvghprdgtohhmqedpnhgspghrtghpthhtohepuddprhgt phhtthhopeeouggvvhgvlhhophgvrheslhhishhtshdrihhllhhumhhoshdrohhrgheq X-ME-VSScore: 0 X-ME-VSCategory: clean Received-SPF: pass (outstep.com: 213.136.84.29 is authorized to use 'lonnie@outstep.com' in 'mfrom' identity (mechanism 'mx' matched)) receiver=tb-mx0.topicbox.com; identity=mailfrom; envelope-from="lonnie@outstep.com"; helo=mail.outstep.net; client-ip=213.136.84.29 Received: from mail.outstep.net (mail.outstep.net [213.136.84.29]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by tb-mx0.topicbox.com (Postfix) with ESMTPS for ; Thu, 11 Jul 2024 19:59:31 -0400 (EDT) (envelope-from lonnie@outstep.com) Received: from [127.0.0.1] (localhost [127.0.0.1]) by localhost (Mailerdaemon) with ESMTPSA id A38E2234103E for ; Fri, 12 Jul 2024 01:59:27 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outstep.com; s=dkim; t=1720742368; h=from:subject:date:message-id:to:mime-version:content-type: content-language:autocrypt; bh=4XJVkQcFh4a5J4mq1910K5NBkcJ+XwCgas1h9OhK+Ec=; b=cFHkuFpkRyZf9pWlm10gM1GuEPoinAbBmlpyC0xom3NLFHgdeZWR7riJhXP/MXoBvrhLEl tjunLM27ERlDt9hoNZIPfyKUPQf0G7vInNg5V034KBwbngyZtAPrpGSMYUCV5GBkRl3Ka+ wcxzACDQL68gDBB5uJDxdkTolC1TA5lpC1f06w+91lNfNdMcURZoWygWzcNp+gmump46zn R9zyoOxaeaczE78WtyF3kd9+QrnLj5vmjRKFZAor27e9x7d5skzODtrxIeDWXe2nkGm0nT RbEEX3DDNumy7wnsRwsnYVXGSZFsWXbFseRz5xh7zwplLoFg5atsY4WrHGJBWQ== Content-Type: multipart/alternative; boundary="------------nJBvhI38UUmdF30u8os75x8x" Message-ID: Date: Thu, 11 Jul 2024 19:59:19 -0400 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird To: developer@lists.illumos.org Content-Language: en-US From: Lonnie Cumberland Subject: Sandboxing applications Autocrypt: addr=lonnie@outstep.com; keydata= xsDNBGZUkBcBDADf326hFXBZUOP9VKVMb569ZBxanDFn4/VSe88oit+OyvxtQoGWqEegTtpf 6zg1+9Dyx48+seZQvkbvZh/08CJaaNOZOP5uzwI70pWMpU+Uxvjed/Irl8Wp6pWixX+6qEm5 F7shGilvgxCbAPM8YH8Pp8M3nBy3IZGSS4vhlBlJHZ9VsvlZ69rvwJIcVv0igb1HEHkGFl3k O+odw9cScRVN7yLeqgAwXmhguZuOu0HN0UEgAgGszbPAPxckImOXI2c7gBbbl0P2aJwUPwKC CXb2SR4P/1lAsRJPFt37AyIjhPfLd9lKJVmxl+Jrd3xQ5TZUqAWOYNURJaKIQ7FmgPGtoXgi YZRg7rilc24FHbpjSYzAJwF6JNgn9ZJBOlY6Ra34SIFuB7m80dDYExRzYqQWjZZfLu3kQWv2 JDzxc0vnz1i8EkUYRlttz2RK+8bh0dbFQYRpyacAuUzqsthLOUMphuc2n994Ycjax3pXwt3H MvTjxZcB7tU5bBtnfV4XeyUAEQEAAc0mTG9ubmllIEN1bWJlcmxhbmQgPGxvbm5pZUBvdXRz dGVwLmNvbT7CwQcEEwEIADEWIQQulYU+Ak0zY3zlP1PNPEu2CUxXdQUCZlSQGAIbAwQLCQgH BRUICQoLBRYCAwEAAAoJEM08S7YJTFd1514MAJKgCilBtSfnDuqi6EsAv89vyLUC+UABqdIh ehwaImDTu65yniPARHsTQhXZI6QzfFTz3ptX7gQzZvAU0C1rVJWZaFbE4yHIEqerPPH5pTJA DL43GZU91is3BNE3hm2s3ArUHOEvFbWTzT9bQKjkHfPveByskzi0qlzrULZYG5kpbXx6sknW jFVdPkk0yv6N43ar9GjNKQqZTOJEe4U5VvHX3igMYjLB4dVmZFqvM9uMO+3pTQfnF4pzTtGd zX9ZIioAh/wQLF31P78ILvCUV4HOLVOGsxruZKuW/xEtA/UoLFJML5SJDrfbyNcu4Fly/5HP Yz42aNbnOBQkHOZKA7QaI0lfUgXgevAquRuJzvjjP8iKm+S+mpl7vIymsbkmG3E9tj5JAe9v xAyFFlQFi6ZVlw4PnXbiYUaJ30pa/AnrVe9nz5CpAxCX1q3ajRZApFeFYnuC7rx8LT662Pr1 fP5RRCbcUs5K8l2mJuifETtua+BydNQfn87JmmL0keAJGM7AzQRmVJAYAQwA9n99CBs/0XZk ZUzwm4CjPPqVQX7xLLqsvXZB15zsddCb21T+kxK7x2Bjg8QDg/4n/wOS8SytimPS35P1MKsm ysNi9lHkr3a3azfYGXZQ8jKfJbChD5dfyvu/rt4lK8k1EiNEUBzUFwTgP1WeD1v1+xUb5+JJ 6MjNFuMJMoq6vprEn0Wtv7LNDNWQj4/Xxa/kGVto9XwsrpcKSwyX7BmWEoqqzEO4PJgVSIF9 euL4GY15RCQD0Y+FN8kAXeO+Dd0WHgtaaWCpDP+RkgXtUCFx06Ozy1OrHRdIczsu+60Xcf+K DeoZsA2ZQTBwcSQN5ektrNeP5KqbYcl3stdW+grtucUs6AzFF3oqZbsrB6bNLyUUjEuYvrMm SFVi1rfOiGc6IExl6QDT0GCf5KWv0iGbls7lNfYHVUcdbUM07LDxLhm3MkcAnLFpAHg1s+Pz QP858J+fpnZLvMQT9AQ/bfA6c3kw6VRFqbsAe7ZzI4C73N+nzsP9ow5ovIbvECI+xkzZABEB AAHCwPYEGAEIACAWIQQulYU+Ak0zY3zlP1PNPEu2CUxXdQUCZlSQGQIbDAAKCRDNPEu2CUxX dTdmDADYJA7nWcJrr/3Oz+KvND+5Qd7jyOsTnvmcmFmpqWkydxbn75DciH1le9qf3F+WBT2x CQtsFGu0E7mb4bQv2i1ugyoWOJPlVAbRvwUoyFYbxHLnlSPPq6KBLcoRDNUe26oINuH6CK30 ZcXF0SDY26ydP7r6bC0cAzNTz6fkQsEd57wy/nSz9bt0EZnapYZ9l/W5fTSqyMcYDF92u18J IAn7On392bs3yTSwAeahPT+dhk3qOecbFysJRm61dw0vNCKVvm82tJKvzRPYEuFMDQEvpXb3 OqxCCRk3v0iUxwcXZxXPZAfos7ZrM2Y9ElSHfrssbvbeqDIOrGa0d2GlfHZMlz+mnH84Np5K 19Q/WetiOD7SKvmR54d7jZvsBt8VyDlQhMYqbNPyOnkvtQUhVWshrGGwKrB5a89dUYZMmAQd fL+vxMw4kBmeZmZ64Iy9ROZmDqVYD8278qC+yJC2S+uEdW9VjeW4WsUljfH2P3O8QagZsvGv WujEwGqqyfUF7eo= X-Last-TLS-Session-Version: TLSv1.3 Topicbox-Policy-Reasoning: allow: sender is a member Topicbox-Message-UUID: a237698c-3fe1-11ef-8f9a-b3590a8c7b06 This is a multi-part message in MIME format. --------------nJBvhI38UUmdF30u8os75x8x Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Hi All, I hope that everyone is doing well today. Recently, I have mostly stepped away from Linux, FreeBSD, and Windows OS's to dive into Illumos and its associated OS's (SmartOS, OmniOS, and OpenIndiana) to gain more experience so that I an work on a new Illumos based OS. For my project direction and in addition to the amazing features that Illumos-based systems have like Zones which are extremely useful, I also have a need for application sandboxes and found that Solaris 11.4 discusses it from what I could find (https://blogs.oracle.com/solaris/post/application-sandboxing-in-oracle-solaris-114) and (https://docs.oracle.com/cd/E37838_01/html/E61023/dlp-sbox.html) and seem to be built into the OS. Since I am not yet familiar with the Illumos code-base and am also still new this arena, I wanted to ask if Illumos has an application sandbox feature already. Additionally, I found that there basically are "Sparse Root Zones (SRZ)" and "Whole Root Zones (WRZ)" as well that basically map various Global-Zone file directories into the non-Global Zone, and it made me wonder about Sandboxes and also perhaps non-global zones that are mapped with even less directories than SRZ. Anyway, I am just thinking about some ideas for the project but application sandboxes would be extremely useful since I think that they are even smaller than the SRZ zones. Any thought, ideas or suggestions would be greatly appreciated. Thanks in advance and have a great day, Lonnie --------------nJBvhI38UUmdF30u8os75x8x Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 8bit Hi All,

I hope that everyone is doing well today.

Recently, I have mostly stepped away from Linux, FreeBSD, and Windows OS's to dive into Illumos and its associated OS's (SmartOS, OmniOS, and OpenIndiana) to gain more experience so that I an work on a new Illumos based OS.

For my project direction and in addition to the amazing features that Illumos-based systems have like Zones which are extremely useful, I also have a need for application sandboxes and found that Solaris 11.4 discusses it from what I could find (https://blogs.oracle.com/solaris/post/application-sandboxing-in-oracle-solaris-114)  and (https://docs.oracle.com/cd/E37838_01/html/E61023/dlp-sbox.html) and seem to be built into the OS.

Since I am not yet familiar with the Illumos code-base and am also still new this arena, I wanted to ask if Illumos has an application sandbox feature already.

Additionally, I found that there basically are "Sparse Root Zones (SRZ)" and "Whole Root Zones (WRZ)" as well that basically map various Global-Zone file directories into the non-Global Zone, and it made me wonder about Sandboxes and also perhaps non-global zones that are mapped with even less directories than SRZ.

Anyway, I am just thinking about some ideas for the project but application sandboxes would be extremely useful since I think that they are even smaller than the SRZ zones.

Any thought, ideas or suggestions would be greatly appreciated.

Thanks in advance and have a great day,
Lonnie
 --------------nJBvhI38UUmdF30u8os75x8x--