Hierarchical Sandboxes
Posted: Sun May 15, 2011 8:22 am
Feature Request: For Sandboxie to allow a structured hierarchy of sandboxes, so that a sandbox can effectively overlay another sandbox. The higher-level (ie overlaying) sandbox will see the files and resources of the lower-level sandbox but not vice versa. Allowing a sandbox to see multiple sandboxes would be nice but could give rise to path conflicts, so let's try to keep it simple for now.
All processes to run in the top level sandbox, ie the sandbox furthest from the real OS files. This is effectively what it does now.
The depth of the hierarchy should ideally be unlimited but might need to be constrained by practical considerations.
Details: As I understand it, Sandboxie allows for a 2-level hierarchy: the sandbox and below it the real operating system files. As a result (and as a feature), files in sandbox A are not visible or available to a process running in sandbox B. The feature request does not affect this important aspect of Sandboxie's functionality but rather seeks to extend its capabilities to a new level (excuse the pun).
Clearly, the single-level sandbox + OS will generally be sufficient for most users on most occasions. However, there have been enough occasions when I would have found this feature to be very useful for me to propose this feature request.
A random but, I hope, useful example of what I'm talking about: I want to test out a new product that runs with FF, ProductX, possibly testing different (ProductX) configurations. Firefox is permanently installed on my machine and normally runs in its forced folder and deletes the sandboxed contents when FF closes. I want to test ProductX in a separate sandbox but then FF can't see it because it too is sandboxed. Other than running FF unsandboxed, it seems that right now I need to install (and again configure) FF and ProductX together in the same sandbox - but this carries the risk that the "real" FF and the copy FF could be configured differently, plus I can no longer clear out the sandbox when FF closes. Given the possibility of multiple configurations of ProductX in separate sandboxes, it starts to get a bit messy.
With the proposed feature, I would be able to install ProductX in a separate sandbox and then run FF normally in its own sandbox. I then know that I'm using a consistent version of FF, with the additional benefit that I can clear out the FF sandbox when I close FF. There would also be the potential to create multiple ProductX sandboxes, each configured differently, and then simply point the FF sandbox to a different ProductX sandbox.
It is important to note that FF and ProductX would always be running in the Firefox sandbox but ProductX would get its data from the subordinate, ie ProductX, sandbox. In other cases, the normal data "inheritance" rules would apply, ie the data from the highest applicable sandbox would be used.
Caveat: I don't claim to have thought through all possible implications/complications but this suggestion is offered as a starting point.
Rog
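As an added illustration (not Sandboxie code, and not part of the original post), a small Python model of the overlay semantics proposed above: each sandbox is a layer with an optional subordinate layer, a read takes the file from the highest applicable layer and falls through to the real OS, and every write stays in the top layer, so a lower sandbox never sees what a higher one wrote and clearing the top layer leaves the subordinate intact. `Sandbox`, `resolve`, `write`, `clear`, `scenario` and all paths and contents are constructed names for this model, not Sandboxie identifiers.

```python
# Constructed stand-in for the real OS files, the bottom of every chain.
REAL_OS = {"C:/Windows/system32/kernel32.dll": "<os binary>"}

class Sandbox:
    """One overlay layer; 'below' is the subordinate sandbox, or None for the real OS."""
    def __init__(self, name: str, below: "Sandbox | None" = None):
        self.name, self.below = name, below
        self.files = {}  # path -> content written while this sandbox was the top layer

    def layers(self) -> "list[Sandbox]":
        """This sandbox followed by each subordinate layer, top to bottom."""
        out, layer = [], self
        while layer is not None:
            out.append(layer)
            layer = layer.below
        return out

def resolve(top: Sandbox, path: str):
    """Read as a process in 'top' would: the highest applicable layer wins, then the real OS."""
    for layer in top.layers():
        if path in layer.files:
            return layer.name, layer.files[path]
    return ("OS", REAL_OS[path]) if path in REAL_OS else None

def write(top: Sandbox, path: str, content: str) -> None:
    """Every process runs in the top sandbox, so a write lands there and never reaches lower layers."""
    top.files[path] = content

def clear(sb: Sandbox) -> None:
    """'Delete sandboxed contents when FF closes': only this one layer is emptied."""
    sb.files.clear()

def scenario() -> dict:
    """The FF/ProductX case from the post, with constructed paths and contents."""
    cfg = "C:/ProductX/config.ini"
    productx = Sandbox("ProductX")
    write(productx, cfg, "mode=A")                  # install ProductX in its own sandbox
    firefox = Sandbox("Firefox", below=productx)    # FF's sandbox overlays ProductX's
    other = Sandbox("Other")                        # an unrelated sandbox with no chain
    ff_sees = resolve(firefox, cfg)                 # FF reads ProductX's data through the chain
    write(firefox, cfg, "mode=A;tweak=1")           # FF edits it: a shadow copy in FF's layer
    ff_edited, px_intact = resolve(firefox, cfg), resolve(productx, cfg)
    clear(firefox)                                  # FF closes: its layer is wiped, ProductX's is not
    return {"ff_sees": ff_sees, "ff_edited": ff_edited, "px_intact": px_intact,
            "after_clear": resolve(firefox, cfg), "other_sees": resolve(other, cfg),
            "os_visible": resolve(firefox, "C:/Windows/system32/kernel32.dll")}
```

Pointing the FF sandbox at a different ProductX configuration is just constructing `Sandbox("Firefox", below=some_other_productx_layer)`; the FF layer itself needs no change.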