HowTo? let sandboxed program mount a drive

Post Reply
SamDi
Posts: 11
Joined: Fri Jan 27, 2023 4:28 am

HowTo? let sandboxed program mount a drive

Post by SamDi »

Hi!
I'm using SB+x64.1.6.7 on Win10x64.
When starting pcloud client (4.0.4) it normally mounts a drive P:\ (using CBFS) which represents the cloud storage.
When starting it sandboxed (Enhanced Isolation, Privacy Enhanced) it doesn't connect this drive.

Which additional settings are required?


Thank you very much.

P.S. actual Sandbox config:

Code: Select all

[pCloud]
Enabled=y
BlockNetworkFiles=y
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
BorderColor=#0423ee,ttl
Template=BlockTelemetry
Template=OpenBluetooth
Template=SkipHook
Template=FileCopy
Template=qWave
Template=BlockPorts
Template=LingerPrograms
Template=AutoRecoverIgnore
ConfigLevel=9
AutoRecover=y
UseSecurityMode=y
UsePrivacyMode=y
OpenFilePath=P:\
OpenFilePath=S:\Data
OpenFilePath=R:\pCloud
OpenFilePath=C:\Users\SamDi\AppData\Local\pCloud
ForceProcess=pCloud.exe
ForceProcess=msedgewebview2.exe

User avatar
bastik-1001
Posts: 361
Joined: Sat Apr 22, 2023 8:30 am
Contact:

Re: HowTo? let sandboxed program mount a drive

Post by bastik-1001 »

Could you make it work? If so, please share your knowledge.

You may try without the privacy mode, to check if that is causing the issue. Just for testing. If it works without, there are other resources that need to be made accessible (either just reading or reading and writing).

SamDi
Posts: 11
Joined: Fri Jan 27, 2023 4:28 am

Re: HowTo? let sandboxed program mount a drive

Post by SamDi »

Running it in a standard sandbox helped.
It just doesn't protect ones files/privacy if untrusted software can access anything :(

Sadly there's no support from the vendor even for Paying/PRO users.

User avatar
bastik-1001
Posts: 361
Joined: Sat Apr 22, 2023 8:30 am
Contact:

Re: HowTo? let sandboxed program mount a drive

Post by bastik-1001 »

Well, good that it works with a standard box. Now it seems that what has to be done is to figure out what resource is needed to be made available in some way, while the privacy setting is enabled.

@DavidXanatos, what's the best way of finding out what resource that is.
Sadly there's no support from the vendor even for Paying/PRO users.
Maybe, if you reach out directly. Understandably, support isn't satisfactory.

SamDi
Posts: 11
Joined: Fri Jan 27, 2023 4:28 am

Re: HowTo? let sandboxed program mount a drive

Post by SamDi »

@DavidXanatos, what's the best way of finding out what resource that is.
That's what I wanted to find out with this thread.
I don't use to use proprietary software when avoidable but in case I could limit e.g. pClouds client access to a very few folders it was way safer to use than with full access to everything or having to run pCloud as different user and work through file-/folder permissions (pCloud client has deltasync, FOSS rclone hasn't).

I use/pay the software "as is", even without support it's still worth the money for me. So, as I said, it's just "sadly" there's no support.


P.S. Though having the box checked I don't get an email when forum threads are updated so only come by every once in a while.

User avatar
bastik-1001
Posts: 361
Joined: Sat Apr 22, 2023 8:30 am
Contact:

Re: HowTo? let sandboxed program mount a drive

Post by bastik-1001 »

About e-Mails, someone else mentioned that and I reached out to David about that, recently, but he did not log in here, so he could not look into the configuration.

For the same reason, he has not replied to your report or my attempt to reach out for help.

Support was probably better as there was a company releasing a product, with other products available as well, so they had the resources to have staff to handle this. With the fork after the release of the sources, things are different. I am not sure, if there were more users on here before the fire took out the forum, which could not be restored, but I still hope that this forum will get more users, so that they can help each other.

I had this idea for some time and now that upcoming releases will have a troubleshooting wizard, it could be something that makes it easier to use different kinds of boxes, if the program works in the first place.

For now, you can take a look at the resources the program accesses in the standard box, by enabling the stack trace feature of Sandboxie. You can enable that in "View", where you select "Trace Logging". Now you can start the program in the standard box, use it like you intend to, and observe in the Trace Log what gets accesses. Then you can open the option for the sandbox and add the resources to it via "Resource Access" option.

If the trace of Sandboxie/Sandman was not helpful, maybe the Process Monitor (Procmon) made by Sysinternals helps you to identify what the program accesses, while running in the standard box, that it needs to be able to access in the privacy type box.

I can't tell you if there is a better way, which is why I thought David could provide a better answer.

Post Reply