The 'sandbox' esh plug-in
-------------------------

The 'sandbox' plug-in provides functionality for running commands within an
environment with control over what syscalls the command can make.

The plug-in works by taking as a command line argument a comma-separated list
of syscall names or numbers to add to a blacklist*. It also takes the command
and all of its arguments to run. When the sandbox command is invoked, it forks
off a child process to run the given command. It then intercepts each syscall
from the child process and checks it against the blacklist. If the syscall the
child process is requesting is present in the blacklist, sandbox kills the
command.

Usage: sandbox [-C syscall_spec] [-v] executable

    syscall_spec: comma separated list of syscall numbers or names
                  ex: sandbox -C 1,write,5 ./sketchy_program arg1 arg2
    -v:           verbose - print out each syscall that is intercepted

*We realize that blacklisting is a brittle and ineffective method for
sandboxing; however, without going into the detail of implementing an
observational mode, blacklisting provides a viable proof-of-concept of the
functionality.

Written by
----------
James Reed (jamesr66@)
Griffin Jarmin (gajarmin@)
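As an added example, not the plug-in's own code, here is a minimal version of the mechanism described above in C: parse the syscall_spec, fork the command, trace it with ptrace, and kill it at the first blacklisted syscall entry. It assumes Linux on x86-64 (the syscall number is taken from orig_rax) and uses a five-entry name table in place of the full syscall table.

```c
#include <signal.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ptrace.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>
/* Stand-in name table (x86-64 numbers); a real tool would carry the full table. */
static const struct { const char *name; long nr; } names[] = {
    {"read", 0}, {"write", 1}, {"open", 2}, {"close", 3}, {"openat", 257}};
/* Parse a spec such as "1,write,5" into numbers; returns the count, or -1 on a bad token. */
int parse_syscall_spec(const char *spec, long *out, int max) {
    char buf[256], *end; int n = 0;
    strncpy(buf, spec, sizeof buf - 1); buf[sizeof buf - 1] = '\0';
    for (char *tok = strtok(buf, ","); tok && n < max; tok = strtok(NULL, ","), n++) {
        out[n] = strtol(tok, &end, 10);                 /* a numeric token ends at '\0' */
        for (size_t i = 0; *end && i < sizeof names / sizeof *names; i++)
            if (!strcmp(tok, names[i].name)) { out[n] = names[i].nr; end = tok + strlen(tok); }
        if (*end) return -1;                            /* neither a number nor a known name */
    }
    return n;
}

/* Fork, trace the child, and SIGKILL it at the first denied syscall entry. Assumes Linux on
 * x86-64 (the number is read from orig_rax). Returns that number, or -1 if the child ran to completion. */
long run_sandboxed(char *const argv[], const long *deny, int ndeny) {
    int status, entry = 0, sig = 0; pid_t pid = fork();
    if (pid == 0) {                                     /* child: ask to be traced, then exec */
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) < 0) _exit(126);
        raise(SIGSTOP);                                 /* pause until the parent is ready */
        execvp(argv[0], argv);
        _exit(127);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status)) return -1;
    ptrace(PTRACE_SETOPTIONS, pid, NULL, (void *)(long)PTRACE_O_TRACESYSGOOD);
    for (;;) {
        ptrace(PTRACE_SYSCALL, pid, NULL, (void *)(long)sig);   /* run to the next stop */
        if (waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status)) return -1;
        sig = WSTOPSIG(status);                         /* bit 7 set means a syscall stop */
        if (sig != (SIGTRAP | 0x80)) { if (sig == SIGTRAP) sig = 0; continue; } /* forward other signals, drop exec's SIGTRAP */
        sig = 0;
        if (!(entry = !entry)) continue;                /* syscall-exit stop: nothing to check */
        struct user_regs_struct regs;
        ptrace(PTRACE_GETREGS, pid, NULL, &regs);
        for (int i = 0; i < ndeny; i++)
            if (deny[i] == (long)regs.orig_rax) {       /* on the blacklist: kill the command */
                kill(pid, SIGKILL); waitpid(pid, &status, 0); return (long)regs.orig_rax;
            }
    }
}
```

Each syscall produces two stops (entry and exit); only the entry stop is checked, so a blacklisted call is never executed by the kernel.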