A little shell script to create various types of sandboxes on the fly!
- Linux - (xUbuntu, openSUSE, and Linux Mint tested)
- /bin/bash (Others are untested!)
- unionfs-fuse - (installed automatically using the install command)
| Distribution | Sandbox (temp) | Sandbox (semi) | Sandbox (perm) | Sandbox (ram) | Sand grains |
|---|---|---|---|---|---|
| xUbuntu | Y | Y | Y | Y | Y |
| Linux Mint | Y | Y | Y | Y | Y |
| openSUSE | Y | Y | Y | Y | Y |
| GalliumOS | Y | Y | Y | Y | Y |
Sandbox is a little shell script that mounts an union file system over your current root file system. You can think of it like placing a sheet of transparent paper over your current file system. All files can be read from within the sandbox, but any changes or writes get written to the paper, not the original file system!
In this way, if you decide you want to undo what you've just done, you just remove the paper, ie. the sandbox.
There are quite a few different types of sandboxes available, so whether you need a quick ephemeral container, to a permanent sandbox to host your testing and development applications in, we've got you covered!
Simply run ./sandbox install - The install command will install all needed dependencies, and also add the executable to your path.
Alternatively, you can install unionfs-fuse yourself and use ./sandbox as a portable application!
To get the latest version of the script, regardless how you installed it, you can use the update command.
sandbox update
Please note this requires curl installed!
Once installed, you can create a sandbox from anywhere by typing sandbox in a terminal. This will create a temporary sandbox, that will be destroyed once you exit it. See Types of Sandboxes below!
To safely exit any sandbox, use the command logout. This will destroy the sandbox if it is a temporary one!
A shortcut for this is CTRL-D! (This must be done with nothing typed in the terminal!)
To prevent the sandbox from being destroyed, you can give it a name!
sandbox -n firefox
This will create a semi-permanent sandbox, which will persist until reboot. (see warnings below!)
Once you name the sandbox, you can connect multiple terminals to the same sandbox by using the same name. You can also reattach to an exited sandbox by using it's name.
To make a sandbox permanent, you just add the -p flag!
sandbox -n dontdeleteme -p or more simply sandbox -pn dontdeleteme
Keep in mind this flag requires a name, otherwise you won't be able to get back to it!
Don't fear my friend, we've got you covered! To list all semi-permanent sandboxes, just use the list flag!
sandbox -l
If it's a permanent sandbox you're after, simply add the permanent flag!
sandbox -p -l or sandbox -pl
Anything that's done from within that terminal is also sandboxed! So if you run firefox from within a sandbox, it will also be part of the sandbox! You can also run your file manager or text editor to view the files within the sandbox!
Yes you can! Just add the command for the application after the flags!
sandbox -pn webdev firefox - Will immediately run firefox in a sandbox called webdev!
If you need to pass in parameters, make sure you enclose them in quotes!
sandbox -pn stay "mousepad /home/cal/Sandbox/README.md"
No problem! You need sand grains! These are little pre-configured scripts for automatically installing software in your sandboxes! Simply use the -g flag, comma separating any sand grains you would like to install!
sandbox -g firefox,transmission -n downloadbox
Want to know what sand grains are available? Simply use the -g list option!
sandbox -g list
Your piece of software not there? Why not make one! Take a look at the sandgrains folder above to see how they're done, fork this repo and make a pull request once you're done! :D
To access the filesystem of your sandbox, just use the -o flag!
sandbox -pn mysandbox -o
This will open a folder at the root of your sandbox, allowing you to locate your files within the sandbox, and copy them elsewhere if desired!
Want to run an entire X-Session or Desktop Environment in a sandbox? Well you can! There are two ways to run it - in a window in your current X-Session using Xephyr, or in an entirely new X-Session!
To start an X-Session in a window, simple add the -x flag to any sandbox command!
sandbox -n test -x
This will install Xephyr if needed, and start up a new X-Session in a window! If you want to run this window fullscreen, just use the -f flag too! :D
sandbox -x -f or sandbox -xf
To run the sandbox in a completely new X-Session, which will normally give you better performance, you just have to run the command in a new tty.
To switch to a new tty, simple press CTRL-ALT-F1! This will bring up basically a fullscreen terminal! To switch back, just press CTRL-ALT-F7!
If you then login and run a sandbox in this new terminal, it'll open a new X-Session!
You can then normally switch between the X-Sessions by using CTRL-ALT-F7 and CTRL-ALT-F8!
Sandbox also supports RAM Disks, which being backed by your RAM has some interesting pros!
-
Speed! - RAM is much faster than hard disks, so you'll get much faster read write speeds!
-
Security! - As RAM is wiped on reboot, all changes will be forever lost to the void! As long as you keep in mind the warnings, it's a much more secure way to store temporary data as nothing will be written to disk! (See warnings!)
-
Limited Space! - As a RAM disk is backed by your available RAM, you'll only be able to write as much data as you have free memory (RAM) left! So a 1GB file would need at least 1GB free RAM to store it! Keep this in mind as running out of RAM will not only produce write errors in your Sandbox, but you also risk crashing your host system if you run out of free memory! D:
-
Swap Leaks! - In contrast to the Security pro above, if you have swap enabled on your system, you will negate the security factor! As RAM fills up, Linux will put certain portions of the RAM onto your swap partition, writing it to disk! Unless this swap is encrypted, you'll be writing your sandbox directly to disk, making it possible to recover the data with special tools!
Now! After you've read through all that, to spawn a RAM backed sandbox, simple add the memory flag!
sandbox -m or sandbox -m -n coolramdisk
There's no point using the permanent flag with this one, as RAM is wiped once it looses power!
Sure can do!
| Type of Table | Lifespan | Command |
|---|---|---|
| Temporary | Until you exit the sandbox | sandbox |
| Semi-permanent | Until reboot (see warnings) | sandbox -n prettyname |
| Permanent | Until you delete it with the -d flag |
sandbox -pn staywithme |
| Temporary RAM | Until reboot | sandbox -m |
To get a quick look at all the commands available you can use the help flag!
sandbox -h
It will produce this output, which should be enough to jog your memory!
Usage: ./sandbox [OPTIONS]... [COMMAND]
Sandboxes
-n NAME name the sandbox
-p permanent sandbox
-m in-memory sandbox
-d delete the named sandbox
-l list all sandboxes
Sandgrains
-g GRAIN comma separated grains, or 'list' to see all
Sandpits
-r NAME new sandpit name
-i PIT initialise sandpit
-v VARIENT sandpit varient to install (eg. vivid)
X-Session
-x start an x-session
-f start fullscreen (xephyr)
Other
-s PATH set sandbox root directory (eg. usb stick)
-o opens your filemanager to see the sandbox's filesystem
-h show this help text
COMMAND command to run instead of shell
See https://github.com/cal2195/Sandbox for more information!
Sandboxes can be happily nested, simply just call another sandbox command from within a sandbox! This would allow you to have multiple "roll back" points if you're trying out many new things!
- If you're using the RAM disk option, make sure you read the warnings above in the memory section!
- It should also be noted that semi-permanent sandboxes hang around until the
/tmpfolder is wiped, which is generally configured for just after the next boot up of the system!
- Add ramdisk saving/loading
- Add notification when in sandbox
- Add sandbox chaining