Projects / sydbox


sydbox is a ptrace-based sandbox implementation. It intercepts system calls, checks for allowed filesystem prefixes, and denies them when checks fail. It has basic support for disallowing network connections. It has basic support to sandbox execve calls. It is based in part on catbox and strace.

Operating Systems

Recent releases

  •  13 Aug 2012 15:44

    Release Notes: This is a maintenance release addressing a few issues. Note that no few features are going to be added to sydbox-0.

    •  30 Nov 2010 14:52

      Release Notes: SYDBOX_USER_CONFIG was fixed.

      •  12 Oct 2010 16:26

        Release Notes: This release removes the EFAULT hack for NULL path arguments now that pinktrace is fixed. It uses pinktrace's API to decode NULL-terminated string arrays for execve(). It requires pinktrace 0.0.3.

        •  03 Oct 2010 14:15

          Release Notes: Pinktrace is now required. A supplementary configuration file is supported via a SYDBOX_USER_CONFIG environment variable.

          •  14 Jun 2010 15:50

            Release Notes: This release fixes handling of rmdir and adds basic support for network aliases.


            Project Spotlight


            A Fluent OpenStack client API for Java.


            Project Spotlight

            TurnKey TWiki Appliance

            A TWiki appliance that is easy to use and lightweight.