{"id":23684009,"url":"https://github.com/shawwwn/sbox","last_synced_at":"2026-01-06T05:30:19.800Z","repository":{"id":69404049,"uuid":"199837126","full_name":"shawwwn/sbox","owner":"shawwwn","description":"A shell script implementation of docker","archived":false,"fork":false,"pushed_at":"2019-10-29T12:06:50.000Z","size":161,"stargazers_count":4,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-12-29T20:32:46.984Z","etag":null,"topics":["container","docker","linux","namespace","sandbox"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/shawwwn.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-07-31T10:49:05.000Z","updated_at":"2024-06-12T03:46:07.000Z","dependencies_parsed_at":null,"dependency_job_id":"50718552-fe08-430f-8c4b-dcc22ba98ba8","html_url":"https://github.com/shawwwn/sbox","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shawwwn%2Fsbox","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shawwwn%2Fsbox/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shawwwn%2Fsbox/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shawwwn%2Fsbox/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/shawwwn","download_url":"https://codeload.github.com/shawwwn/sbox/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239735864,"owners_count":19688355,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["container","docker","linux","namespace","sandbox"],"created_at":"2024-12-29T20:32:02.385Z","updated_at":"2026-01-06T05:30:19.742Z","avatar_url":"https://github.com/shawwwn.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"# sBox\n\nRun programs in a sandbox environment without writting to rootfs.\n\n\u003cimg src=\"https://user-images.githubusercontent.com/4016736/63220940-4de16780-c146-11e9-84ee-e643a0f9e83d.png\" width=\"250\" height=\"250\" /\u003e\n\n```bash\n# sbox bash\nCreate new container \"default\" with snapshot at /tmp/sbox/default/snapshot\nassigned ip 192.168.50.2 for sandbox\nEnter container \"default\":\n# pwd\n/root\n# ls\n# mkdir xxxx          # create directory in sandbox\n# cd xxxx/\n# touch TEST          # create file in sandbox\n#\n# exit\nexit\ndirty\n└── root\n    ├── .bash_history\n    └── xxxx\n        └── TEST\n\n2 directories, 2 files\n36K data generated.\n\u003e Commit changes to snapshot? [Y/n] y\ncommited to /tmp/sbox/default/snapshot\nSnapshot size 36K (1 files, 1 directories).\n\u003e Merge snapshot with local filesystem? [N/y] n\nAbort.\n#\n# pwd\n/root\n# ls                  # nothing gets written to our rootfs\n```\n\n## Description:\n\nPrograms run in **sBox** still have access to your rootfs except all modifications to file system will be cached. You may chose to merge these changes on exit.\n\nIn addition, **sBox** is capable of doing the following:\n\n- [x] Namespaces\n    - [x] Internet Access\n    - [x] Mount Points\n    - [x] PID (process view)\n    - [x] IPC (shared memory between processes)\n    - [x] UTS (hostname)\n    - [x] CGroup\n- [x] CGroup Integration (cgroup controllers on sandbox main process)\n- [x] Seccomp(syscall) Blacklist\n- [x] Capability Blacklist\n- [x] AppArmor Integration (profile per sandbox)\n\nThe [default sercurity profile](docs/sbox.md#note) of **sBox** can be a bit aggressive, you may want to tone it down if your program fails to run.\n\n## Installation:\n\n```bash\n# dependencies, make adjustments for package managers other than apt\napt-get install iproute2 net-tools iptables bash grep diffutils findutils sudo ipcalc pcregrep tree attr libseccomp2 libseccomp-dev apparmor-utils cgroup-tools libapparmor-dev\nmake install # copy executeables to /usr/bin\n```\n\n\n## Usage:\n\n* [sbox](docs/sbox.md)\n* [sbox-fstool](docs/sbox-fstool.md)\n* [sbox-mgt](docs/sbox-mgt.md)\n* [sbox-seccomp.so](docs/sbox-seccomp.so.md)\n* [sbox-aa.so](docs/sbox-aa.so.md)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fshawwwn%2Fsbox","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fshawwwn%2Fsbox","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fshawwwn%2Fsbox/lists"}