Many applications and their dependencies spawn child processes for additional functionality. To provide seamless access control across such an execution boundary, the child processes should run inside a Pyronia sandbox. Two types of subprocesses are supported: Python and native executables.
API to implement:
[ ] spawn_in_sandbox(library, command, is_python): Query the kernel for the permissions of the library, generate a sandbox policy with the library permissions and subprocess type from a policy template, load the policy into the kernel, and exec the command.
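The intended control flow of `spawn_in_sandbox`, as an added example and not Pyronia's own code: the policy template format, the `query_perms`/`load_policy` kernel hooks, and the sample permissions are all assumptions. The policy is rendered from the library's permissions and the subprocess type, and the command is only exec'd after the kernel has accepted the policy (fail closed).

```python
import os
from typing import Callable, Dict, List, Optional

# Constructed policy template; an assumption, not Pyronia's real policy syntax.
POLICY_TEMPLATE = "sandbox {{\n  type: {subprocess_type}\n  library: {library}\n{rules}}}\n"


def generate_sandbox_policy(library: str, perms: Dict[str, List[str]], is_python: bool) -> str:
    """Render a child-process policy from the library's permissions.

    perms maps a resource path to the operations the library is allowed on it.
    The subprocess type selects between the Python and native sandbox flavours."""
    subprocess_type = "python" if is_python else "native"
    rules = "".join(
        f"  allow {path} {' '.join(sorted(ops))}\n" for path, ops in sorted(perms.items())
    )
    return POLICY_TEMPLATE.format(subprocess_type=subprocess_type, library=library, rules=rules)


def spawn_in_sandbox(
    library: str,
    command: List[str],
    is_python: bool,
    query_perms: Callable[[str], Optional[Dict[str, List[str]]]],  # hypothetical kernel query
    load_policy: Callable[[str], bool],                              # hypothetical kernel load
    exec_fn: Callable[[str, List[str]], None] = os.execvp,
) -> str:
    """Query the library's permissions, build and load the policy, then exec the command.

    Fails closed: an unknown library or a rejected policy means no child is spawned.
    With the real os.execvp the function never returns; the policy is returned only
    when an injected exec_fn (e.g. for testing) returns."""
    if not command:
        raise ValueError("empty command")
    perms = query_perms(library)
    if perms is None:
        raise PermissionError(f"kernel has no permissions recorded for {library}")
    policy = generate_sandbox_policy(library, perms, is_python)
    if not load_policy(policy):
        raise PermissionError("kernel rejected the sandbox policy; not spawning child")
    exec_fn(command[0], command)  # replaces this process image with the sandboxed child
    return policy
```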