Potted descriptions of Plash

Debian package description

Description: Sandbox programs to run them with minimum authority

Plash is a sandbox for running GNU/Linux programs with the minimum necessary privileges. It is similar to chroot jails, but is more lightweight and flexible. You can use Plash to grant a process read-only or read-write access to specific files and directories, which can be mapped at any point in its private filesystem namespace.

Plash provides a command line tool (pola-run) for running programs in a sandbox, granting access to specific files and directories.

Plash also provides a "powerbox" user interface by which the user can grant an application the right to access files. A powerbox is just like a normal file chooser dialog box, except that it also grants access rights. The powerbox is implemented as a trusted component -- applications must ask the system to open a file chooser, rather than implementing it themselves. Plash comes with a patch to Gtk to implement GtkFileChooserDialog in terms of the powerbox API.

The Plash execution environment doesn't require a modified Linux kernel -- it uses chroot() and UIDs. It works with existing Linux executables, provided they are dynamically linked, because Plash uses a modified version of GNU libc.

Plash virtualizes the filesystem. With the modified libc, open() works by sending a request across a socket. The server process can send a file descriptor back across the socket in response. Usually, Plash does not slow programs down because the most frequently used system calls (such as read() and write()) work on kernel-level file descriptors as before.
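The following is an added example (not Plash's own code, and not its real wire protocol) showing the mechanism the paragraph above describes: a sandboxed process asks a trusted server to open a file, the server checks a grant table that maps virtual paths to host files with a read-only or read-write mode, and on success it passes the resulting file descriptor back across a Unix socket with SCM_RIGHTS. Once the client holds the descriptor, read() and write() go straight to the kernel. The request format, the policy table and all function names are assumptions made for this example.

```python
import array
import os
import shutil
import socket
import tempfile
import threading

# Assumed wire format for this example: "open\0<virtual path>\0<ro|rw>" from the
# client, a short status reply from the server, with a descriptor attached on success.

def send_fd(sock, payload, fd=None):
    """Send a reply; attach a file descriptor as SCM_RIGHTS ancillary data if given."""
    anc = []
    if fd is not None:
        anc = [(socket.SOL_SOCKET, socket.SCM_RIGHTS, array.array("i", [fd]))]
    sock.sendmsg([payload], anc)

def recv_fd(sock):
    """Receive a reply and any descriptor passed with it. Returns (payload, fd or None)."""
    fds = array.array("i")
    payload, ancdata, _flags, _addr = sock.recvmsg(256, socket.CMSG_SPACE(fds.itemsize))
    for level, ctype, data in ancdata:
        if level == socket.SOL_SOCKET and ctype == socket.SCM_RIGHTS:
            fds.frombytes(data[: len(data) - (len(data) % fds.itemsize)])
    return payload, (fds[0] if fds else None)

def sandboxed_open(sock, virtual_path, write=False):
    """Client side: what the sandboxed program does instead of the open() syscall."""
    sock.sendall(b"open\0" + virtual_path.encode() + b"\0" + (b"rw" if write else b"ro"))
    reply, fd = recv_fd(sock)
    if fd is None:
        raise OSError(reply.decode())
    return fd

def serve_one(sock, policy):
    """Server side: enforce the grant table and open the host file on the client's behalf."""
    op, path, mode = sock.recv(4096).split(b"\0")
    assert op == b"open"
    grant = policy.get(path.decode())
    if grant is None:
        send_fd(sock, b"ENOENT")  # not mapped: the file does not exist in this namespace
        return
    host_path, granted = grant
    if mode == b"rw" and granted != "rw":
        send_fd(sock, b"EACCES")  # a read-only grant cannot be upgraded by the client
        return
    fd = os.open(host_path, os.O_RDWR if mode == b"rw" else os.O_RDONLY)
    try:
        send_fd(sock, b"ok", fd)  # the kernel duplicates the descriptor into the client
    finally:
        os.close(fd)              # the server's own copy is no longer needed

def serve_requests(sock, policy, count):
    for _ in range(count):
        serve_one(sock, policy)

def run_demo():
    """Constructed scenario: one read-only and one read-write grant in a temp dir."""
    tmp = tempfile.mkdtemp()
    try:
        secret = os.path.join(tmp, "secret.txt")
        notes = os.path.join(tmp, "notes.txt")
        with open(secret, "w") as f:
            f.write("constructed sample data\n")
        open(notes, "w").close()
        # Virtual path -> (host path, mode): the sandbox never sees host paths by name.
        policy = {"/data/in.txt": (secret, "ro"), "/data/out.txt": (notes, "rw")}
        client, server = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
        worker = threading.Thread(target=serve_requests, args=(server, policy, 4))
        worker.start()
        results = {}
        fd = sandboxed_open(client, "/data/in.txt")       # read-only grant: read works
        results["read"] = os.read(fd, 100).decode()
        os.close(fd)
        try:
            sandboxed_open(client, "/data/in.txt", write=True)
        except OSError as e:
            results["write_ro"] = str(e)                  # EACCES
        try:
            sandboxed_open(client, secret)                # real host path is unreachable
        except OSError as e:
            results["unmapped"] = str(e)                  # ENOENT
        fd = sandboxed_open(client, "/data/out.txt", write=True)
        os.write(fd, b"hello")                            # plain kernel write on the fd
        os.close(fd)
        with open(notes) as f:
            results["written"] = f.read()
        worker.join()
        client.close()
        server.close()
        return results
    finally:
        shutil.rmtree(tmp)

if __name__ == "__main__":
    print(run_demo())
```

The server is the only party that ever calls open() on a host path, so the grant table is the whole of the client's file authority; denying a request costs one short reply, while a granted descriptor is used afterwards without any further round trips.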

Freshmeat description

Plash is a sandbox for running GNU/Linux programs with minimum privileges. It is suitable for running both command line and GUI programs. It can dynamically grant Gtk-based GUI applications access rights to individual files that you want to open or edit. This happens transparently through the Open/Save file chooser dialog box, by replacing GtkFileChooserDialog. Plash virtualizes the file namespace and provides per-process/per-sandbox namespaces. It can grant processes read-only or read-write access to specific files and directories, mapped at any point in the filesystem namespace. It does not require modifications to the Linux kernel.

PottedDescriptions (last edited 2007-06-10 11:05:07 by MarkSeaborn)