sydbox is a ptrace-based sandbox implementation. It intercepts system calls, checks their path arguments against allowed filesystem prefixes, and denies the calls when the checks fail. It has basic support for disallowing network connections and for sandboxing execve calls. It is based in part on catbox and strace.
Release Notes: This is a maintenance release addressing a few issues. Note that no new features are going to be added to sydbox-0.
Release Notes: SYDBOX_USER_CONFIG was fixed.
Release Notes: This release removes the EFAULT hack for NULL path arguments now that pinktrace is fixed. It uses pinktrace's API to decode NULL-terminated string arrays for execve(). It requires pinktrace 0.0.3.
Release Notes: Pinktrace is now required. A supplementary configuration file is supported via the SYDBOX_USER_CONFIG environment variable.
Release Notes: This release fixes handling of rmdir and adds basic support for network aliases.