Sandbox (Portage)

Sandbox is a library (and helper utility) to run programs in a "sandboxed" environment, i.e. to restrict a process's access to system ressources. This is used as a QA measure to try and prevent applications from modifying files they should not.

In Gentoo, it is used to build applications as root, making sure that the build system does not do anything harmful outside of its build directory - such as install files to the live root file system or modify config files on the fly.

For people who are familiar with the Debian "fakeroot" project or the RPM based "InstallWatch", sandbox is in the same vein of these projects.

Installation
All Gentoo installations come with Sandbox. Like all data, there is a possibility Sandbox can become corrupted or even uninstalled, which is very bad. If this is the case there are ways Sandbox can be recovered.

Files
There are multiple files used to configure Sandbox.

See /etc/sandbox.conf and configuration files for more information.

External resources

 * https://wiki.debian.org/FakeRoot
 * https://asic-linux.com.mx/~izto/checkinstall/installwatch.html