./sysutils/sandboxctl, Manages chroot-based sandboxes

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 1.1nb2, Package name: sandboxctl-1.1nb2, Maintainer: pkgsrc-users

sandboxctl is a tool to interact with chroot-based sandboxes.

The sandboxctl tool provides an automated mechanism to create and
interact with chroot-based sandboxes. These sandboxes can be transient
(e.g. to run a single command within them) or long-lived (e.g. to run a
system service in a safe manner).

Sandboxes can be created using multiple mechanisms, which range from
extracting fresh distribution sets to bind-mounting the outer file
systems inside the sandbox. The specific mechanism depends on the
features supported by the underlying operating system and the chosen
sandbox type. Currently, sandboxctl includes support for FreeBSD,
Linux, macOS (Darwin), and NetBSD.

Each sandbox is defined via a configuration file provided by the user
and a system-specific template provided by this package. The user
configuration is simple and semantically-rich, allowing the system
administrator to not worry about the environment-specific details.

This is not an official Google product.


Required to run:
[devel/shtk]

Required to build:
[pkgtools/cwrappers]

Package options: tests

Master sites:

Filesize: 96.719 KB

Version history: (Expand)


CVS history: (Expand)


   2024-07-25 07:41:53 by Thomas Klausner | Files touched by this commit (22)
Log message:
*: reset MAINTAINER (became observer)
   2024-06-23 19:16:41 by Amitai Schleier | Files touched by this commit (3)
Log message:
sandboxctl: run certctl if available. Bump PKGREVISION.
   2021-10-26 13:20:30 by Nia Alarie | Files touched by this commit (630)
Log message:
sysutils: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes
   2021-10-07 16:58:44 by Nia Alarie | Files touched by this commit (630)
Log message:
sysutils: Remove SHA1 hashes for distfiles
   2019-09-21 00:31:30 by Maya Rashish | Files touched by this commit (3)
Log message:
sandboxctl: don't use tar -e on netbsd. it's not supported by the newly
default libarchive tar.

From Robert Nestor on pkgsrc-users.
bump PKGREVISION
   2019-01-14 11:52:49 by Julio Merino | Files touched by this commit (3) | Package updated
Log message:
Update sandboxctl to 1.1:

Changes in version 1.1
======================

**Released on 2019-01-14.**

* Fixed the `darwin-native` type to allow accessing the Oracle JRE from
  within the sandbox.

* Expose `/usr/local` in `darwin-native` so that third-party software
  installed on the host, such as OSXFUSE, can be found.

* Expose an empty `/private/var/mail` directory within the `darwin-native`
  sandbox so that programs that expect the directory to exist can work.

* Issue 2: Fixed access to the system keychain on `darwin-native`
  sandboxes, which allows, among other things, for HTTPS downloads to
  work properly.

* Issue 4: Fixed the `netbsd-native` type to recognize a `/boot` directory
  and to ignore the lack of `/netbsd`, as is the case for
  NetBSD/evbarm-earmv7hf 7.1 Raspberry Pi images.

* Issue 5: Fixed DNS resolution in `darwin-native` sandboxes, which
  apparently got broken in the macOS Sierra 10.12.4 update because SIP
  now prevents modifying the running mDNSResponder instance.

* Issue 7: Fixed execution of compilers and other Xcode tools within a
  `darwin-native` sandbox starting with High Sierra.  Unfortunately, we
  now require SIP to be disabled for these tools to work.

* Added support for XZ-compressed files to `sandbox_extract`.

* Added support for XZ-compressed release sets to `netbsd-native` and
  `netbsd-release`.  As a side-effect of this change, the
  `NETBSD_RELEASE_SETS` setting in `netbsd-release` now takes a list
  of set names *without* their extension.
   2017-02-17 22:23:42 by Julio Merino | Files touched by this commit (8)
Log message:
Initial addition of sandboxctl 1.0:

sandboxctl is a tool to interact with chroot-based sandboxes.

The sandboxctl tool provides an automated mechanism to create and
interact with chroot-based sandboxes.  These sandboxes can be transient
(e.g. to run a single command within them) or long-lived (e.g. to run a
system service in a safe manner).

Sandboxes can be created using multiple mechanisms, which range from
extracting fresh distribution sets to bind-mounting the outer file
systems inside the sandbox.  The specific mechanism depends on the
features supported by the underlying operating system and the chosen
sandbox type.  Currently, sandboxctl includes support for FreeBSD,
Linux, macOS (Darwin), and NetBSD.

Each sandbox is defined via a configuration file provided by the user
and a system-specific template provided by this package.  The user
configuration is simple and semantically-rich, allowing the system
administrator to not worry about the environment-specific details.

This package is primarily targetted at supporting pkgtools/pkg_comp
but is provided as a standalone tool for flexibility.