Sandbox Overview

To understand how Legato sandboxes are implemented, see Sandbox basics.
There's also a topic with a Sandbox Config Sample.


Sandboxes are configured through the definition files (.adef, .cdef and .sdef).

App configuration is provided to the on-target framework through system config tree settings.

Common Problems

These are some common reasons for sandbox problems:

  • permissions are set incorrectly: check the bundles section of the .cdef (or .adef) to ensure the [r], [w] and [x] permissions on bundled files are what the app needs.
  • a file is missing from the file system within the sandbox: check that the .cdef requires and .adef requires sections list every file the app opens or executes at run time.
  • you've reached a sandboxed app limit (the resource limits set for the app in its .adef).

Sandbox Config Sample contains detailed instructions on how to troubleshoot sandbox problems.

Sandbox Sample Apps

Legato provides sample apps that use sandboxes:
Shell Piping
Command Line

Sample Code

This is the Shell Piping sample app's .adef file:

    sandboxed: true
    start: manual

    bundles:
    {
        file:
        {
            // Bundling the script into the sandbox with the permissions needed to run it.
            [rx] utilPipes    /
        }
    }

    requires:
    {
        file:
        {
            // Adding sh (shell), ls, grep and echo utilities into the sandbox.
            /bin/sh     /usr/local/bin/
            /bin/ls     /usr/local/bin/
            /bin/grep   /usr/local/bin/
            /bin/echo   /usr/local/bin/
        }
    }

    processes:
    {
        run:
        {
            // Run sh (shell) and pass it the script for it to run.
            (sh utilPipes)
        }
    }

Access Services Outside

A Legato sandboxed app can access services outside its sandbox. All available services are advertised by the Service Directory, and apps connect to a service through a request to the Service Directory. The Service Directory grants access only if the app has been explicitly bound to that service (using the bindings sections of the .adef and .sdef files); an unbound connection attempt is refused.

If you want to give the app direct access to objects from the host file system (files, directories, named sockets, pipes, etc.), you must explicitly allow it in the requires section of the .adef or .cdef; the framework then bind-mounts those objects into the sandbox. Anything not listed there is invisible to the app.
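The following .adef ties the three mechanisms above together: bundling a script with explicit permissions, bind-mounting host objects through requires, and binding a client interface to a service outside the sandbox. It is an added example, not one of the Legato sample apps; the app name netProbe, the component probeComponent, the script path and the directory mapping are hypothetical, while the section names, the [rx] permission syntax, the "<root>.le_cfg" framework service and the maxFileSystemBytes limit are standard Legato .adef syntax.

```adef
// Added example: hypothetical sandboxed app "netProbe" (not a Legato sample app).
sandboxed: true          // default; stated explicitly so the intent is visible in review
start: manual

// A limit the app can hit at run time (see "Common Problems"): the sandbox's
// writable file system is capped, so a growing log file fails with ENOSPC.
maxFileSystemBytes: 512K

executables:
{
    netProbe = ( probeComponent )   // hypothetical component
}

processes:
{
    run:
    {
        ( netProbe )
    }
}

bundles:
{
    file:
    {
        // [r] read, [w] write, [x] execute. The script is bundled into the
        // sandbox as executable but never writable by the app.
        [rx] scripts/probe.sh   /usr/local/bin/     // hypothetical script path
    }
}

requires:
{
    file:
    {
        // Host binaries bind-mounted into the sandbox; only these two are visible.
        /bin/sh        /usr/local/bin/
        /bin/busybox   /usr/local/bin/
    }
    dir:
    {
        // Expose one directory of CA certificates, not the rest of /etc.
        /etc/ssl/certs   /etc/ssl/                  // hypothetical mapping
    }
}

bindings:
{
    // Allow probeComponent's le_cfg client interface to reach the framework's
    // Config Tree service. Without this line the Service Directory refuses
    // the connection, even though the service is advertised to everyone.
    netProbe.probeComponent.le_cfg -> <root>.le_cfg
}
```

A component's own .cdef can carry the same requires: { file: { ... } } subsection for files it needs, which is the place to check when a component rather than the app as a whole reports a missing file. When reviewing such a file, treat every requires entry and every binding as a hole deliberately cut in the sandbox and ask whether the app really needs it.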


Although it's not recommended, you can turn off sandboxing for an app by setting sandboxed: false in its .adef. The app then runs with none of the sandbox's file system, resource or service-access isolation, so do this only for apps you trust completely.