GNU bug report logs - #45198
28.0.50; Sandbox mode

Package: emacs;

Reported by: Stefan Monnier <monnier <at> iro.umontreal.ca>

Date: Sat, 12 Dec 2020 18:20:02 UTC

Severity: normal

Tags: patch

Found in version 28.0.50

Message #53 received at 45198 <at> debbugs.gnu.org (full text, mbox):

From: Mattias Engdegård <mattiase <at> acm.org>
To: Philipp Stephani <p.stephani2 <at> gmail.com>
Cc: Bastien <bzg <at> gnu.org>, 45198 <at> debbugs.gnu.org,
 Stefan Monnier <monnier <at> iro.umontreal.ca>,
 João Távora <joaotavora <at> gmail.com>
Subject: Re: bug#45198: 28.0.50; Sandbox mode
Date: Mon, 14 Dec 2020 12:12:43 +0100
> The sandboxing technologies I'm aware of are process-based (because Linux namespaces and kernel syscall filters are per-process), so a "start sandbox from here" function likely can't be implemented. The interface should rather be something like 

If you mean that the sandbox needs to be active from the very start of the process, I don't see why that has to be the case. It does not appear to be necessary for macOS, OpenBSD or FreeBSD, nor for at least some of the Linux options I'm aware of.

Perhaps I misunderstood, and there may indeed be some desirable sandboxing methods that require from-exec sandboxing. It is often useful to allow for a set-up period prior to activating restrictions, allowing for specific files to be opened and so on, and it can make the sandboxing itself simpler by being less selective.

From-exec sandboxing also precludes using simple forking (without exec) as a cheap way to start the Emacs subprocess (if somewhat Unix-specific).
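The "set up first, then restrict" pattern argued for above, as an added example that is not part of this bug thread or of Emacs: on Linux x86-64 a seccomp-bpf filter is installed only after the file the program needs is already open, from a forked child in the spirit of the cheap fork-without-exec subprocess, so the descriptor opened during set-up keeps working while every later open() is refused. The filter contents, the function names and the use of /dev/null as the pre-opened file are assumptions made for this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
/* Two BPF instructions: if the syscall number matches, fail it with EACCES. */
#define DENY_NR(nr) BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1), \
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EACCES & SECCOMP_RET_DATA))
/* Restriction phase: from here on every open()-family syscall fails with
 * EACCES. Returns 0, or -1 if the kernel refuses the filter (no seccomp). */
int restrict_opens(void)
{
    struct sock_filter prog[] = {
        /* Refuse to run if the process is not the x86-64 ABI this filter assumes. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AUDIT_ARCH_X86_64, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        DENY_NR(__NR_openat),                  /* what glibc's open() uses */
        DENY_NR(__NR_open),                    /* legacy entry point, also closed */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog fprog = { sizeof prog / sizeof prog[0], prog };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog) == 0 ? 0 : -1;
}
/* Set-up phase (open what is needed) first, restriction second, in a forked
 * child so the caller stays unsandboxed. Returns 0 when the pre-opened fd still
 * reads and a fresh open() is refused, 1 if seccomp is unavailable, 2 otherwise. */
int setup_then_restrict(const char *path)
{
    pid_t pid = fork();
    if (pid == 0) {
        int fd = open(path, O_RDONLY);                  /* allowed: not yet sandboxed */
        if (fd < 0) _exit(2);
        if (restrict_opens() != 0) _exit(1);
        int again = open(path, O_RDONLY), err = errno;  /* refused from here on */
        char buf[16]; ssize_t n = read(fd, buf, sizeof buf); /* old fd still works */
        _exit(again == -1 && err == EACCES && n >= 0 ? 0 : 2);
    }
    int status;
    if (pid < 0 || waitpid(pid, &status, 0) != pid || !WIFEXITED(status)) return 2;
    return WEXITSTATUS(status);
}
```

A from-exec design could not express this ordering: the open() in the set-up phase is exactly what the filter forbids a moment later.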





This bug report was last modified 3 years and 7 days ago.

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.