#include <unistd.h>     
#include <sys/types.h>  
#include <stdio.h>    
#include <sys/wait.h> 
#include <stdlib.h>  
#include <errno.h>
#include <sys/capability.h>

#define STIME 300
 
int main() {
    pid_t childpid; 
    int status;     

    if ((childpid = fork()) == 0) {

        printf("Sandboxed: %d, sleeping %d secs...\n", getpid(),STIME);

        if (cap_enter() != 0 && errno != ENOSYS) {
		printf("Unable to enter sandbox!\n");
		exit(1);
	}

	/* This is not allowed */
	system("ls -al");

	/* Sleep and bail out */
        sleep(STIME); 
        exit(0); 
    } else {
        wait(&status); 
    }
    exit(0);         
}