Plash
Description
Plash is a system for sandboxing GNU/Linux programs. Plash's aim is to protect you from the programs you run by letting you run them with the minimum authority and privileges they need to do their job -- this is the Principle of Least Authority (POLA). Plash can run programs in a secure, restricted execution environment with access to a limited subset of your files.
Plash can be used to run servers, command line tools, and applications with graphical user interfaces:

- Applications with graphical interfaces: You can dynamically grant GUI applications access rights to individual files that you want to open or edit. This happens transparently through the Open/Save file chooser dialog box. Plash replaces Gtk's GtkFileChooserDialog so that the file chooser is implemented outside the application in a separate process, as a trusted component. This file chooser is known as a powerbox, because it delegates additional power to the application. See examples and screenshots.
- Servers: You can run a network-accessible server with minimal access rights so that if it is compromised (e.g. via a buffer overrun bug), the adversary cannot compromise the whole machine. Or you can set up an HTTP or FTP server with a limited view of the filesystem to export handpicked files without having to rely on the server's application-level access control mechanisms. See examples.
- Command line tools: Using Plash, you can run tools with read-only access to their inputs and write access to their outputs. Sandboxes are lightweight, so you can, for example, create a sandbox for running gcc to compile a single file. See examples.

Plash virtualizes the file namespace, and provides per-process/per-sandbox namespaces. Plash grants access to files by mapping them into otherwise empty namespaces. This allows for fine-grained control over dependencies: You can link a program with specific versions of dynamic libraries by mapping individual files; or you can just map the whole /usr directory into the program's namespace.

Plash provides two main interfaces for granting access rights to sandboxed processes:

- The pola-run tool: This is a command line interface for launching programs to run inside a sandbox. Its arguments let you grant the sandboxed program access to files and directories. pola-run can be used from within a sandbox, allowing nested sandboxes.
- The powerbox: This is a GUI that works transparently -- it adds a security role to a dialog box that normal users already use for choosing files. Users therefore do not have to adjust much. However, applications or their libraries must be changed to make requests via the powerbox component.

pola-shell is another way to launch sandboxed programs. It is a shell with syntax similar to the Bourne shell or Bash. It lacks many scripting features so is intended for interactive use only.
Home Page: http://plash.beasts.org/
Interface: Command Line, Graphical (Gtk)