Manage Sandboxes and Security

Legato sandboxes provide a security mechanism to separate running apps in the same system.

By default, the Supervisor automatically creates (and destroys) sandboxes for each app (with all the files and IPC services needed). At runtime, only these approved files and IPC services can be accessed by the app.

You configure Legato sandboxes through Definition Files.

There are Sandboxed App Limits you should understand.

Here are some details on creating and building a Use Sandboxes.


Legato also supports Implementing SMACK