Get Inspired
Docs
Blog
Articles
Native Client
Welcome to Native Client Technical Overview NaCl and PNaCl
WebAssembly Migration Guide
Download the Native Client SDK Examples Release Notes
C++ Tutorial: Getting Started (Part 1) C++ Tutorial: Getting Started (Part 2) Chrome Dev Summit 2014 - Native Client Codelabs
Building Running Debugging Debugging with Visual Studio Dynamic Linking and Loading with glibc
Application Structure Native Client Modules 3D Graphics Audio File I/O The nacl_io Library Messaging System Progress Events URL Loading View Change, Focus, and Input Events
Distributing Your Application
Pepper C API Reference (Stable) Pepper C++ API Reference (Stable) Pepper C API Reference (Beta) Pepper C++ API Reference (Beta) Pepper C API Reference (Dev) Pepper C++ API Reference (Dev)
Glossary Contributor Ideas Native Client Manifest (nmf) Format Contents Of PNaCl Bitcode Files PNaCl Bitcode Reference Manual PNaCl Undefined Behavior PNaCl C/C++ Language Support Sandbox Internals Design Documents
Frequently Asked Questions Help with NaCl Publications and Presentations Security Contest Archive
Native Client
Welcome to Native Client Technical Overview NaCl and PNaCl
WebAssembly Migration Guide
Download the Native Client SDK Examples Release Notes
C++ Tutorial: Getting Started (Part 1) C++ Tutorial: Getting Started (Part 2) Chrome Dev Summit 2014 - Native Client Codelabs
Building Running Debugging Debugging with Visual Studio Dynamic Linking and Loading with glibc
Application Structure Native Client Modules 3D Graphics Audio File I/O The nacl_io Library Messaging System Progress Events URL Loading View Change, Focus, and Input Events
Distributing Your Application
Pepper C API Reference (Stable) Pepper C++ API Reference (Stable) Pepper C API Reference (Beta) Pepper C++ API Reference (Beta) Pepper C API Reference (Dev) Pepper C++ API Reference (Dev)
Glossary Contributor Ideas Native Client Manifest (nmf) Format Contents Of PNaCl Bitcode Files PNaCl Bitcode Reference Manual PNaCl Undefined Behavior PNaCl C/C++ Language Support Sandbox Internals Design Documents
Frequently Asked Questions Help with NaCl Publications and Presentations Security Contest Archive

Sandbox Internals

Warning

Deprecation of the technologies described here has been announced for platforms other than ChromeOS.

Please visit our migration guide for details.

The sandbox internals documentation describes implementation details for Native Client sandboxing, which is also used by Portable Native Client. These details can be useful to reimplement a sandbox, or to write assembly code that follows sandboxing rules for Native Client (Portable Native Client does not allow platform-specific assembly code).

As an implementation detail, the Native Client sandboxes described here are currently used by Portable Native Client to execute code on the corresponding machines in a safe manner. The portable bitcode contained in a pexe is translated to a machine-specific nexe before execution. This may change at a point in time: Portable Native Client doesn’t necessarily need these sandboxes to execute code on these machines. Note that the Portable Native Client compiler itself is also untrusted: it too runs in a Native Client sandbox described below.

Native Client has sandboxes for:

Improve article

This site uses cookies to deliver and enhance the quality of its services and to analyze traffic. If you agree, cookies are also used to serve advertising and to personalize the content and advertisements that you see. Learn more about our use of cookies.