Open zombiezen opened 2 months ago
I am porting Nix to Windows (upstream), btw, so I am curious what you will find.
Note that Windows Sandbox is a full Hyper-V VM, running its own full OS instance. It doesn't have a full virtual disk image, but this seems much heavier than you'd want.
I think you'd fare better with AppContainer. But I've never found very much about the actual low-level APIs or really dug deeply into this (https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-for-legacy-applications- has some). The main usage is things installed via MSIX, where the app packaging does the containerizing.
Nice, thanks for the pointers! I'll take a look. I am not super well-versed in low-level Windows stuff, so learning what's out there is helpful.
Linkdumping a few more things I found in the past:
https://scorpiosoftware.net/2019/01/15/fun-with-appcontainers/
https://github.com/zodiacon/RunAppContainer has some more info. Maybe this can even summon @zodiacon to say whether I'm crazy.
https://github.com/microsoft/SandboxSecurityTools/tree/main/LaunchAppContainer
https://googleprojectzero.blogspot.com/2021/08/understanding-network-access-windows-app.html
https://blahcat.github.io/2020-12-29-cheap-sandboxing-with-appcontainers/
https://chromium.googlesource.com/chromium/src/+/HEAD/docs/design/sandbox.md and https://github.com/chromium/chromium/tree/main/sandbox/win are another reference, and this is built out of AppContainer, though not through the documented high-level API (CreateAppContainerProfile), but instead through undocumented lower-level pieces like CreateLowBoxObjectDirectory and NtCreateLowBoxToken. (LowBox is an old name for AppContainer, combining the "Low" integrity level that you're restricted to with the "Box" aspect of having a separate namespace for most kernel objects.)
Not exactly sure what this will look like yet, but Windows Sandbox looks promising.
I'm basically looking for: