#security #sandbox #seccomp #sydbox #pinktrace

yanked pandora_box

Pandora's Box: A helper for SydBox, a seccomp-bpf based application sandbox, to make sandboxing practical

21 unstable releases (3 breaking)

0.6.2 Jun 30, 2021
0.5.2 Jun 14, 2021

#9 in #ptrace

Download history 25/week @ 2023-08-14 3/week @ 2023-08-21 25/week @ 2023-08-28 27/week @ 2023-09-04 28/week @ 2023-09-11 2/week @ 2023-09-18 3/week @ 2023-09-25 2/week @ 2023-10-02 43/week @ 2023-10-16 23/week @ 2023-10-23 30/week @ 2023-10-30 1/week @ 2023-11-06 2/week @ 2023-11-13 25/week @ 2023-11-20

58 downloads per month


1.5K SLoC

The ☮ther SⒶndbøx

Repology:SydBox stability:pre-release Coverity:SydBox Coverage:SydBox Sourcehut.Builds:SydBox SPDX-License-Identifier: GPL-2.0-only
SydBox LibSecComp ZebraPig Heckert TuX

SydBox is a seccomp based sandbox for modern Linux machines to sandbox unwanted process access to filesystem and network resources.

SydBox requires no root access and no ptrace rights. They don't depend on any specific Linux kernel option to function. The only dependency is libseccomp which is available on many different architectures, including x86, x86_64, x32, arm, aarch64, mips, mips64...

This makes it very easy for a regular user to use. This is the motto of SydBox: bring easy, simple, flexible and powerful security to the Linux user!

The basic idea of SydBox is to run a command under certain restrictions. These restrictions define which system calls the command is permitted to run and which argument values are permitted for the given system call. The restrictions may be applied via two ways. seccomp-bpf can be used to apply simple Secure Computing user filters to run sandboxing fully on kernel space, and seccomp-notify functionality can be used to run sandboxing on kernel space and fallback to user space to dereference pointer arguments of system calls -- which are one of pathname, UNIX socket address, IPv4 or IPv6 network address -- and make dynamic decisions using rsync-like wildcards such as allowlist/write+/home/sydbox/*** , or allowlist/write+/run/user/*/pulse for pathnames, and using CIDR notation such as allowlist/network/connect+inet: , or allowlist/network/connect+inet6:::1/8@9050 for IPv4 and IPv6 addresses and perform an action which is by default denying the system call with an appropriate error -- which is usually permission denied, or operation canceled -- or kill the process running the system call, or kill all processes at once with SIGKILL.

See: https://sydbox.exherbo.org

For updates, check out my blog at https://pink.exherbo.org

Build & Requirements

SydBox uses autotools. To build, simply do ./configure, make, make -j check and sudo make install. By default this will produce a statically linked SydBox binary. If you want use dynamic linking, give the --disable-static option to ./configure.

To use SydBox you need a Linux kernel with version 5.6 or newer which includes the secure computing mode with the SECCOMP_USER_NOTIF_FLAG_CONTINUE facility, and the system calls pidfd_send_signal, and pidfd_getfd.

In addition, it is recommended that you enable the kernel option CONFIG_CROSS_MEMORY_ATTACH so that SydBox can use the system calls process_vm_readv and process_vm_writev. These system calls are available in Linux since 3.2. Note SydBox will use the file /proc/pid/mem if these system calls are unavailable or not working so this is not a hard dependency.

For more information about these requirements, check the following links:


See the SydBox manual page on more information about secure computing mode protections. The parts which are of particular interest to read are:

SydBox & Pandora

NOTE: Pandora is in its early stages of development. To be able to use Pandora you need Sydbox-2.2.0 or later.

. @
Tar https://dev.exherbo.org/~alip/sydbox/sydbox-2.2.0.tar.bz2
SHA https://dev.exherbo.org/~alip/sydbox/sydbox-2.2.0.tar.bz2.sha1sum
GPG https://dev.exherbo.org/~alip/sydbox/sydbox-2.2.0.tar.bz2.sha1sum.asc
Git https://git.exherbo.org/git/sydbox-1.git
Ann https://pink.exherbo.org/sydbox-v2.0.1/

You can check the build options using sydbox --version:

$ sydbox --version
Options: dump:yes seccomp:yes ipv6:yes netlink:yes

To see if your system is supported by SydBox, use sydbox ---test:

$ sydbox --test
sydbox: Linux/chesswob 5.12.10
sydbox: [>] Checking for requirements...
sydbox: [*] cross memory attach is functional.
sydbox: [*] /proc/pid/mem interface is functional.
sydbox: [*] pidfd interface is functional.
sydbox: [*] seccomp filters are functional.
sydbox: [>] SydBox is supported on this system!

To verify SydBox is working correctly, either use make -j check during installation or use the helper utility syd-test to run the installed tests.



Pandora's Box: A helper for SydBox, a ptrace & seccomp based sandbox to make sandboxing practical. This makes it easy for the end user to use secure computing for practical purposes.

pandora sandbox

SydBox may be configured through the magic path /dev/sydbox which is a virtual path that exists solely for inter-process communication with the sandbox to configure and extend it. In Exherbo, we have the command esandbox to interface with the sandbox. The subcommand pandora sandbox provides the exact same interface.

Note: pandora sandbox works as long as the magic lock of Sydbox is not locked either via the magic command core/trace/magic_lock:on or via the command-line option --lock. You may also lock the magic command using pandora with pandora sandbox lock after which no more sandboxing commands are permitted.

Here's a list of pandora sandbox commands:

Querying sandbox status

  • pandora sandbox check: Check whether the program is being executed under sandboxing.
  • pandora sandbox enabled or pandora sandbox enabled_path: Check whether path sandboxing is enabled.
  • pandora sandbox enabled_exec: Check whether exec sandboxing is enabled.
  • pandora sandbox enabled_net: Check whether network sandboxing is enabled.

Turning sandboxing on/off

  • pandora sandbox enable or pandora sandbox enable_path: Enable path sandboxing.
  • pandora sandbox disable or pandora sandbox disable_path: Disable path sandboxing.
  • pandora sandbox enable_exec: Enable exec sandboxing.
  • pandora sandbox disable_exec: Disable exec sandboxing.
  • pandora sandbox enable_net: Enable network sandboxing.
  • pandora sandbox disable_net: Disable network sandboxing.


  • pandora sandbox allow or pandora sandbox allow_path: Whitelist a path for path sandboxing. Takes one extra argument which must be an absolute path.
  • pandora sandbox disallow or pandora sandbox disallow_path: Removes a path from the path sandboxing whitelist. Takes one extra argument which must be an absolute path.
  • pandora sandbox allow_exec: Whitelist a path for execve() sandboxing. Takes one extra argument which must be an absolute path.
  • pandora sandbox disallow_exec: Removes a path from the execve() sandboxing whitelist. Takes one extra argument which must be an absolute path.
  • pandora sandbox allow_net: Whitelist a network address for bind() whitelist - or for connect() whitelist if --connect option is given.
  • pandora sandbox disallow_net: Removes a network address from the bind() whitelist - or from connect() whitelist if --connect option is given.


  • pandora sandbox addfilter or pandora sandbox addfilter_path: Add a pattern as a path sandboxing filter. Takes one extra argument which is a fnmatch() pattern.
  • pandora sandbox rmfilter or pandora sandbox rmfilter_path: Removes a pattern from the path sandboxing filter list. Takes one extra argument which is a fnmatch() pattern.
  • pandora sandbox addfilter_exec: Add a pattern as a execve() sandboxing filter. Takes one extra argument which is a fnmatch() pattern.
  • pandora sandbox rmfilter_exec: Removes a pattern from the execve() sandboxing filter list. Takes one extra argument which is a fnmatch() pattern.
  • pandora sandbox addfilter_net: Add a network address as a network sandboxing filter. Takes one extra argument which is a network address.
  • pandora sandbox rmfilter_net: Removes a pattern from the network sandboxing filter list. Takes one extra argument which is a network address.

Miscellaneous commands

  • pandora sandbox lock: Lock magic commands. After calling this none of the pandora sandbox commands will work. You don't need to call this, see exec_lock.
  • pandora sandbox exec_lock: Lock magic commands upon execve().
  • pandora sandbox wait_eldest: By default, sydbox waits for all traced processes to exit before exiting. However, this isn't desired in some cases. For example when a daemon, like udev, is restarted from within an exheres which will go on its execution after installation. This command makes sydbox resume all processes and exit after the eldest process has exited.
  • pandora sandbox wait_all: Wait for all processes before exiting. This is the default.

Specifying Network Addresses

Network addresses may be specified in the following forms:

  • unix-abstract:FNMATCH_PATTERN
  • inet:ipv4_address/NETMASK@PORT_RANGE
  • inet6:ipv6_address/NETMASK@PORT_RANGE

where /NETMASK can be omitted and PORT_RANGE can either be a number or two numbers in the form BEGIN-END. In addition, there are a few network aliases that are expanded to network addresses. They are listed below:

  • LOOPBACK is expanded to inet://
  • LOOPBACK6 is expanded to inet6://::1/8
  • LOCAL is expanded to four addresses as defined in RFC1918:
    • inet:
    • inet:
    • inet:
    • inet:
  • LOCAL6 is expanded to four addresses:
    • inet6:::1
    • inet6:fe80::/7
    • inet6:fc00::/7
    • inet6:fec0::/7

So you may use LOOPBACK@0 instead of inet:

Example 1: Restricted Login Shell

When run without arguments Sydbox drops into a restricted login shell. This is the default sandboxing profile installed by Sydbox and may also be used as basic config for other applications. It's installed under $sharedir/sydbox/default.syd-2 where $sharedir is usually /usr/share.

$ syd
There is no other day
Let's try it another way
You'll lose your mind and play
Free games for may
See Emily play

I have no name!@sydb☮x /tmp/syd-2-1000-423516-FOBHci $ pandora sandbox check
/dev/sydbox: OK
I have no name!@sydb☮x /tmp/syd-2-1000-423516-FOBHci $ uname -a
 sydb☮x 2.2.0 #2 ♡ GNU/Linux
I have no name!@sydb☮x /tmp/syd-2-1000-423516-FOBHci $ hostname
I have no name!@sydb☮x /tmp/syd-2-1000-423516-FOBHci $ cat /etc/passwd
{"id":5,"ts":1625053319,"pid":520579,"event":{"id":15,"name":"☮☮ps"},"sys":"open","syd":"open(`/etc/passwd')","comm":"cat","cmd":"cat /etc/passwd ","cwd":"/tmp/syd-2-1000-423516-FOBHci","ppid":423516,"tgid":520579,"proc":{"ppid":423517,"tgid":520579,"cwd":"/tmp/syd-2-1000-423516-FOBHci"}}
cat: /etc/passwd: Operation not permitted
I have no name!@sydb☮x /tmp/syd-2-1000-423516-FOBHci $ cd /tmp
{"id":9,"ts":1625053379,"pid":423517,"event":{"id":15,"name":"☮☮ps"},"sys":"chdir","syd":"chdir(`/tmp')","comm":"bash","cmd":"bash --rcfile /usr/share/sydbox/sydbox.bashrc -i ","cwd":"/tmp/syd-2-1000-423516-FOBHci","ppid":0,"tgid":423517,"proc":{"ppid":423516,"tgid":423517,"cwd":"/tmp/syd-2-1000-423516-FOBHci"}}
bash: cd: /tmp: Permission denied
I have no name!@sydb☮x /tmp/syd-2-1000-423516-FOBHci $

Example 2: Sandbox Firefox

Step 1: Inspect and gather data about the given process.

In this case, we're going to try with https://www.mozilla.org/de/firefox/new/.

$ pandora profile firefox

Browse using firefox for a while, let pandora gather data. The browser is running under a tracer so it'll run noticably slower.

  • use --bin /path/to/sydbox, if sydbox is not in PATH
  • use --output firefox.syd-2 to specify an alternative output path for profile.
$ $EDITOR out.syd-2

Inspect what the browser has been doing. Enable, disable additional options or turn paths into wildcards such as /home/*** to allow home and everything beyond /home the usual glob characters, ?, * are supported.

Check SydBox manual page to learn more on how PATTERN MATCHING works.

Enable, disable additional network addresses unless you're using a SOCKS5 proxy which does remote DNS lookups, e.g:


for Tor.

Check SydBox manual page to learn more on how ADDRESS MATCHING works.

$ pandora box -c out.syd-2 firefox

For instance if you see an access violation such as

sydbox: 8< -- Access Violation! --
sydbox: connect(-1, unix:/run/user/1000/pulse/native)
sydbox: proc: AudioIPC Server[754336] (parent:0)
sydbox: cwd: `/home/alip/src/exherbo/sydbox-1'
sydbox: cmdline: `/usr/lib/firefox/firefox '
sydbox: >8 --
sydbox: 8< -- Access Violation! --
sydbox: connect(-1, unix:/var/run/pulse/native)
sydbox: proc: AudioIPC Server[754336] (parent:0)
sydbox: cwd: `/home/alip/src/exherbo/sydbox-1'
sydbox: cmdline: `/usr/lib/firefox/firefox '
sydbox: >8 --

This sounds like you're trying to play some audio on your browser. In this case, you should add an allowlist to your profile .syd-2 file and restart your browser under this new profile.


Note, sometimes you may have to add a symbolic link rather than the file it is pointing to, or vice versa, or both.

Last but not least,

Share your profile with other people and help others use secure computing!

Here is a Firefox profile edited by yours truly:



If you do not have a very recent Linux version, you may use Sydbox-1.2.1 which requires Pink's Tracing Library

NOTE: SydBox-2.0.1 and newer do not use ptrace() but use seccomp user notify facilities in recent Linux kernels 5.6 and newer. Hence, PinkTrace is no longer a dependency.

See: https://pinktrace.exherbo.org


Read BUGS.

Below are the details of the author. Mail is preferred. Attaching poems encourages consideration tremendously.

Hey you, out there beyond the wall,
Breaking bottles in the hall,
Can you help me?


Github mirror is updated periodically. Feel free to submit an issue or a pull request there. Attaching poems encourages consideration tremendously.


Read the fine manual of SydBox and SydFmt.

Blog Posts


~204K SLoC