Manage Sandboxes and Security

Legato sandboxes provide a security mechanism to separate running apps in the same system.

By default, the Supervisor automatically creates (and destroys) sandboxes for each app (with all the files and IPC services needed). At runtime, only these approved files and IPC services can be accessed by the app.

You configure Legato sandboxes through Definition Files.

There are Sandboxed App Limits you should understand.

Legato also provides a Sandbox Helper host tool to help trace your sandboxed apps.

Here are some details on creating and building a sample sandbox.

Legato also supports Implementing SMACK