Unprivileged Sandboxing

Unprivileged sandboxing means that any process, whatever its privileges, can apply a sandbox to itself.

The key idea is that after each sandbox policy enforcement, a process can only do a subset of the operations that it could do before, and there is no way to regain these rights for that process.
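As an added example (not code from this page), the following C program for Linux demonstrates this monotonic property with seccomp-BPF filters, one unprivileged mechanism: after a filter denies a syscall, stacking a second, fully permissive filter does not give the syscall back. It assumes a Linux kernel with seccomp filter support and uses `getppid` as a harmless syscall to deny.

```c
#include <errno.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Install a seccomp filter that makes syscall `nr` fail with EPERM and
 * allows everything else. A production filter would check the `arch`
 * field first; this demo assumes the native ABI. */
static int deny_syscall(int nr)
{
    struct sock_filter insns[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, nr, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = 4, .filter = insns };
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* A deliberately permissive filter that allows every syscall. Stacking it
 * on top of the restrictive one must not widen what the process may do. */
static int allow_everything(void)
{
    struct sock_filter insns[] = { BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW) };
    struct sock_fprog prog = { .len = 1, .filter = insns };
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Returns 0 when rights only ever shrink; otherwise the number of the failing step. */
int demo_monotonic(void)
{
    if (syscall(SYS_getppid) < 0)
        return 1;                     /* baseline: getppid works */
    /* no_new_privs is what allows an unprivileged process to install a filter */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0 || deny_syscall(SYS_getppid) != 0)
        return 2;
    if (syscall(SYS_getppid) != -1 || errno != EPERM)
        return 3;                     /* first policy took effect */
    if (allow_everything() != 0)
        return 4;
    if (syscall(SYS_getppid) != -1 || errno != EPERM)
        return 5;                     /* permissive filter did not regain the right */
    return 0;
}
```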

On Linux, this contrasts with other sandboxing mechanisms such as AppArmor and SELinux, whose policies can only be defined by privileged users (e.g. root).

Some unprivileged sandboxing mechanisms are:

With LinuxNamespaces the story is more convoluted: they traditionally require higher privileges to use, but on some Linux installations these can be attained through UnprivilegedUserNamespaces.