Creating a sandbox temporary environment in unix

I'm not sure, but you can try using the chroot command to create a new "root" environment, for example

If you have a directory structure and want to “protect” the “license” file,

/ /etc + license /bin + ls /lib + ... 

You can create a chroot environment as

 itily@openzooey :~$ mkdir chroot_example itily@openzooey :~$ cd chroot_example/ itily@openzooey :~/chroot_example$ mkdir -p usr/lib lib bin etc itily@openzooey :~/chroot_example$ cd bin/ itily@openzooey :~/chroot_example/bin$ cp /bin/ls . itily@openzooey :~/chroot_example/bin$ ldd ls libsec.so.1 => /lib/libsec.so.1 libnvpair.so.1 => /lib/libnvpair.so.1 libcmdutils.so.1 => /lib/libcmdutils.so.1 libcurses.so.1 => /lib/libcurses.so.1 libc.so.1 => /lib/libc.so.1 libavl.so.1 => /lib/libavl.so.1 libidmap.so.1 => /usr/lib/libidmap.so.1 libnsl.so.1 => /lib/libnsl.so.1 libuutil.so.1 => /lib/libuutil.so.1 libmp.so.2 => /lib/libmp.so.2 libmd.so.1 => /lib/libmd.so.1 libm.so.2 => /lib/libm.so.2 

Now fill in the "shared lib" required by the ls command (using the ldd known to us, which are required shared libraries

 itily@openzooey :~/chroot_example/bin$ ldd ls |awk '{print "cp "$3" lib/"}' cp /lib/libsec.so.1 lib/ cp /lib/libnvpair.so.1 lib/ cp /lib/libcmdutils.so.1 lib/ cp /lib/libcurses.so.1 lib/ cp /lib/libc.so.1 lib/ cp /lib/libavl.so.1 lib/ cp /usr/lib/libidmap.so.1 lib/ cp /lib/libnsl.so.1 lib/ cp /lib/libuutil.so.1 lib/ cp /lib/libmp.so.2 lib/ cp /lib/libmd.so.1 lib/ cp /lib/libm.so.2 lib/ 

Now we need to copy "lib" and usr / lib to our new directory

 itily@openzooey :~/chroot_example/bin$ cd .. itily@openzooey :~/chroot_example$ ldd /bin/ls |awk '{print "cp "$3" lib/"}'|bash itily@openzooey :~/chroot_example$ ls -ltr total 9 drwxr-xr-x 2 itily staff 2 dic 22 14:37 etc drwxr-xr-x 2 itily staff 3 dic 22 14:37 bin drwxr-xr-x 2 itily staff 14 dic 22 14:38 lib itily@openzooey :~/chroot_example$ cp /usr/lib/libidmap.so.1 usr/lib/ itily@openzooey :~/chroot_example$ cp /usr/lib/ld.so.1 usr/lib/ itily@openzooey :~/chroot_example$ cd lib/ itily@openzooey :~/chroot_example/lib$ ls -l total 7615 -rwxr-xr-x 1 itily staff 14044 dic 22 14:38 libavl.so.1 -rwxr-xr-x 1 itily staff 1721400 dic 22 14:38 libc.so.1 -rwxr-xr-x 1 itily staff 26748 dic 22 14:38 libcmdutils.so.1 -rwxr-xr-x 1 itily staff 293876 dic 22 14:38 libcurses.so.1 -rwxr-xr-x 1 itily staff 97852 dic 22 14:38 libidmap.so.1 -rwxr-xr-x 1 itily staff 398704 dic 22 14:38 libm.so.2 -rwxr-xr-x 1 itily staff 87164 dic 22 14:38 libmd.so.1 -rwxr-xr-x 1 itily staff 25140 dic 22 14:38 libmp.so.2 -rwxr-xr-x 1 itily staff 648776 dic 22 14:38 libnsl.so.1 -rwxr-xr-x 1 itily staff 74776 dic 22 14:38 libnvpair.so.1 -rwxr-xr-x 1 itily staff 97500 dic 22 14:38 libsec.so.1 -rwxr-xr-x 1 itily staff 49556 dic 22 14:38 libuutil.so.1 itily@openzooey :~/chroot_example/lib$ cd .. 

So the final structure

 itily@openzooey :~/chroot_example$ ls -l total 12 drwxr-xr-x 2 itily staff 3 dic 22 14:37 bin drwxr-xr-x 2 itily staff 5 ene 10 20:43 etc drwxr-xr-x 2 itily staff 14 ene 10 20:48 lib drwxr-xr-x 3 itily staff 3 ene 10 20:40 usr 

Also you need groups, passwd and other files

 itily@openzooey :~/chroot_example$ echo "this is a test" > etc/license itily@openzooey :~/chroot_example$ cd etc/ itily@openzooey :~/chroot_example/etc$ cat /etc/group |grep staff > group itily@openzooey :~/chroot_example/etc$ cat /etc/passwd |grep itily > passwd 

Now you can run the chroot command, but if you try to run as non root, you will receive an error message

 itily@openzooey :~$ chroot chroot_example bin/ls /etc chroot: cannot change root directory to chroot_example: Not owner 

So you need to run as root

 itily@openzooey :~$ pfexec chroot chroot_example /bin/ls -l /etc total 6 -rw-r--r-- 1 101 10 11 Jan 10 19:43 group -rw-r--r-- 1 101 10 18 Jan 10 19:42 license -rw-r--r-- 1 101 10 49 Jan 10 19:43 passwd 

Hope this is what you are looking for ...

Urko,