Am 04.03.26 um 05:41 schrieb Theo de Raadt:
The only way to do what you are talking about here is to dumb it down to the least capable subsystem. But that will make it much, much, much less ineffective than a pristine solution. At that point the word 'sandboxing becomes approximately as valuable as it has been for for a while. The bar should be high, but it is low. But the word sandboxing is always satisfied by performing the minimum. "Oh we sandboxed it". The problem is the community understanding that a minimum sandbox is still considered a sandbox.
The idea is not to provide a "sandbox" just to be able to check a checkmark, but to provide an actual security boundary.
By abstraction, I don't mean a race to the bottom for the lowest common denominator (which is no sandboxing at all), but rather an abstraction over pledge+unveil that can also be made to work with Landlock (and maybe Capsicum). So it would deny everything by default and also allow no file system paths by default, except for those explicitly allowed.
This way, the least common denominator doesn't mean allowing - it means denying. So, if, for example (and this is fictitious) Landlock has no way to allow what pledge("ps") does, you just won't be able to get a list of processes in your sandboxed process. Some OS-specific promises could also be added to make the user fully aware that this only works on that specific OS - and will fail on any other OS.
And yes, this means there are plenty of sandbox systems out there that will plainly not be supported because they don't have "deny everything by default", making them IMHO useless anyway.
If you're interested in this and would like to tear it apart once I got to it, let me know and I'll send you a link once it's there :).
-- Jonathan
