Use Sandboxes

This topic describes how to create your apps to properly use Legato's Sandboxes feature.

We've used a Python hello world app example of sandboxing throughout this topic.

Create Sandboxed Apps

To use sandboxing properly, you basically import everything your app needs into your sandbox. See Create Apps for details on the basic elements needed for Legato apps.

Create your hello.py app like this:

python
print("Hello world!")

Import Stuff

You need to import your app and the Python library into the sandbox. To do this, you create an .adef like this helloPython.adef sample:

bundles:
{
file:
{
hello.py /
}
}
requires:
{
file:
{
/usr/bin/python /usr/bin/
}
}
processes:
{
run:
{
( python /hello.py)
}
}

Build and Install App

You're ready to build and install your sandboxed app:

mkapp helloPython.adef -t wp85 && instapp helloPython.wp85.update 192.168.2.2

Check Logs

Okay, not quite so fast. To ensure everything fired correctly, you need to check your log:

logread | grep python

Although you loaded the libraries, you may still see an error like this output for our py example:

python: error while loading shared libraries: libpython2.7.so.1.0: cannot open shared object file: No such file or directory

The library path /usr/lib/libpython2.7.so.1.0 /usr/lib/ needs to be added to the .adef to the requires/file section:

bundles:
{
file:
{
hello.py /
}
}
requires:
{
file:
{
/usr/bin/python /usr/bin/
/usr/lib/libpython2.7.so.1.0 /usr/lib/
}
}
processes:
{
run:
{
( python /hello.py)
}
}

If you're unsure of a library path, run:

find -name libpython2.7.so.1.0 /

Then you need to build and install it again:

mkapp helloPython.adef -t wp85 && instapp helloPython.wp85.update 192.168.2.2

Check the log, and it's still complaining about libutil.so.1, so we add /lib/libutil.so.1 /lib/ to the requires/files section:

requires:
{
file:
{
/usr/bin/python /usr/bin/
/usr/lib/libpython2.7.so.1.0 /usr/lib/
/lib/libutil.so.1 /lib/
}
}

You also need to add these directories to the .adef dir section:

dir:
{
/usr/lib/python2.7 /usr/lib/
/usr/include/python2.7 /usr/include/
}

Environment Variables

The log now displays something like getpwuid(): uid not found: 1017. You need to set the environment variables. For our py example, you add this to the .adef file processes section:

envVars:
{
HOME="/"
}

Sandbox Working Correctly

Viewing the logs one more time, you see INFO | python[8816] | Hello world!. Congrats, you just setup up a properly sandboxed Legato app!