AUR (en) - playpen-git

Package Details: playpen-git 1:11-1

Git Clone URL: https://aur-dev.archlinux.org/playpen-git.git (read-only)
Package Base: playpen-git
Description: A secure application sandbox using namespaces, cgroups and seccomp
Upstream URL: https://github.com/thestinger/playpen/
Licenses: MIT
Conflicts: playpen
Provides: playpen
Submitter: thestinger
Maintainer: thestinger
Last Packager: thestinger
Votes: 4
Popularity: 0.000007
First Submitted: 2013-06-05 21:15
Last Updated: 2015-07-12 21:16

Latest Comments

thestinger commented on 2015-11-04 20:55

If you expose X11 to the sandbox, it changes the definition of 'secure' quite a bit.

thestinger commented on 2015-11-04 20:55

That means trusting the attack surface exposed by Xpra/X11 though. Playpen already puts a lot of work into reducing the less brittle kernel attack surface. It would want to be running a separate X11 instance instead of a separate sandbox but it's not intended for sandboxing graphical applications (yet?).

Mikos commented on 2015-11-04 12:16

thestinger: I have to disagree. You can securely isolate X11 applications with Xpra. Look at Oz sandbox by Subgraph OS (https://github.com/subgraph/oz) or Subuser (http://subuser.org/).

thestinger commented on 2015-10-13 02:16

It's not designed to sandbox graphical applications. In fact, it's not possible to sandbox X11 applications without running a separate X server. There are sandboxes claiming to do it without that, but they don't work.

The available options are listed in the --help output.

nail commented on 2015-10-10 15:18

Can someone help by giving examples to sandbox popular programs like firefox, thunderbird, skype etc.?
Which options to use? Where to get all available options for playpen?

sysfu commented on 2013-10-19 06:36

Simple usage example as per the author:

# playpen sandbox true -s brk,access,open,fstat,mmap,close,read,mprotect,exit_group,arch_prctl,munmap