- name: sandbox
- description: Produce a fully-sandboxed executable
- command-line: --sandbox
- command-line for negation: --no-sandbox
- option type: boolean option
- default: False
- translation.gc should be set to ‘generation’
- translation.gcrootfinder should be set to ‘shadowstack’
- translation.thread should be set to ‘False’
Generate a special fully-sandboxed executable.
The fully-sandboxed executable cannot be run directly, but only as a subprocess of an outer “controlling” process. The sandboxed process is “safe” in the sense that it makes no library or system calls itself: whenever it would like to perform such an operation, it marshals the operation name and the arguments to its stdout and waits for the marshalled result on its stdin. The controller process must handle these operation requests, in any way it likes, which allows full virtualization: the stdin/stdout pair is the sandboxed process's only channel to the outside world, so the controller's policy (which operations it performs, refuses, or answers from a virtual filesystem) is the security boundary.
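The request/reply loop described above, as an added example that is not part of the PyPy/RPython documentation or code: a minimal controller in Python that drives a stand-in child process over stdin/stdout and serves its requests from a virtual filesystem, refusing anything outside that policy. The wire format (a 4-byte length prefix followed by a `marshal` payload), the operation names `read` and `write`, the child program itself and the virtual file contents are all assumptions constructed for this example; the real sandboxed binary has its own marshal-based protocol and a much larger set of operations.

```python
import marshal
import struct
import subprocess
import sys
import textwrap

# Constructed stand-in for a sandboxed executable (NOT the RPython sandbox):
# every "system call" is a (name, args) request framed on stdout; the reply
# (ok, value) is read back from stdin. It never touches the real filesystem.
CHILD_SOURCE = textwrap.dedent(r"""
    import marshal, struct, sys
    def call(name, *args):
        payload = marshal.dumps((name, args))
        sys.stdout.buffer.write(struct.pack(">I", len(payload)) + payload)
        sys.stdout.buffer.flush()
        (n,) = struct.unpack(">I", sys.stdin.buffer.read(4))
        ok, value = marshal.loads(sys.stdin.buffer.read(n))
        if not ok:
            raise OSError(value)
        return value
    data = call("read", "/etc/hostname")      # served from the virtual filesystem
    call("write", 1, "hostname is " + data)
    try:
        call("read", "/etc/shadow")           # outside the controller's policy
    except OSError as e:
        call("write", 2, "denied: " + str(e))
""")


def read_exact(stream, n):
    """Read exactly n bytes; None at a clean EOF, EOFError on a torn frame."""
    buf = b""
    while len(buf) < n:
        chunk = stream.read(n - len(buf))
        if not chunk:
            if buf:
                raise EOFError("truncated frame from sandboxed child")
            return None
        buf += chunk
    return buf


class Controller:
    """Outer process: the only party that decides what a request may do."""

    def __init__(self, virtual_files):
        self.virtual_files = dict(virtual_files)   # path -> contents (assumed)
        self.stdout_log = []                       # what the child "wrote" to fd 1
        self.stderr_log = []                       # what the child "wrote" to fd 2
        self.denied = []                           # refused paths, for auditing

    def handle(self, name, args):
        """Policy: reads come from the virtual filesystem, writes are captured."""
        if name == "read":
            (path,) = args
            if path not in self.virtual_files:
                self.denied.append(path)
                raise OSError("no such file in sandbox: %s" % path)
            return self.virtual_files[path]
        if name == "write":
            fd, text = args
            (self.stdout_log if fd == 1 else self.stderr_log).append(text)
            return len(text)
        # Default deny: an unknown operation is refused, never forwarded.
        raise OSError("operation not permitted: %s" % name)

    def run(self, argv):
        """Spawn the child and serve its requests until it closes stdout."""
        proc = subprocess.Popen(argv, stdin=subprocess.PIPE, stdout=subprocess.PIPE)
        try:
            while True:
                header = read_exact(proc.stdout, 4)
                if header is None:
                    break
                (n,) = struct.unpack(">I", header)
                name, args = marshal.loads(read_exact(proc.stdout, n))
                try:
                    reply = (True, self.handle(name, args))
                except OSError as e:
                    reply = (False, str(e))
                payload = marshal.dumps(reply)
                proc.stdin.write(struct.pack(">I", len(payload)) + payload)
                proc.stdin.flush()
        finally:
            proc.stdin.close()
        return proc.wait()


def run_demo():
    """Drive the stand-in child; returns (exit code, controller) for inspection."""
    ctl = Controller({"/etc/hostname": "sandbox-host\n"})   # constructed contents
    rc = ctl.run([sys.executable, "-c", CHILD_SOURCE])
    return rc, ctl


if __name__ == "__main__":
    rc, ctl = run_demo()
    print("exit:", rc, "stdout:", ctl.stdout_log, "stderr:", ctl.stderr_log)
```

The controller deliberately never opens a real file on the child's behalf: the child's `/etc/hostname` is answered from the dictionary and `/etc/shadow` is refused and logged, which is the "full virtualization" the text refers to. A production controller would additionally bound the frame length it accepts and the number of outstanding requests, since a misbehaving sandboxed process can still exhaust the controller's memory or time through this channel.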
For examples of controller processes, see