Testing your full software stack on a single machine.

Download Download

Clone with git

Report a bug

scroll for more information




Preloading is a feature of the dynamic linker (ld). On most UNIX systems ld allows you to load a number of libraries before those that are required by an executable. The cwrap project uses this feature to implement special libraries which can be used to fake certain behavior of the system. Think of it like "The Matrix" where reality is simulated and everything is a lie!
Learn more ...

An isolated network.


socket_wrapper makes possible to run several instances of a a full client/server software stack on the same machine and to perform functional testing of many complex network configurations locally, with without going out to the network.
Learn more about socket_wrapper...

Users and groups, with artificial flavors


System management software often requires to create, modify, or delete unix users. Or just switch user identity its processes use to interact with the system e.g., a privilege separation in a user space file server. To be able to test that you need the privilege to modify the passwd and groups file. With nss_wrapper it is possible to define your own passwd and groups file which will be used by software to act correctly while under test.
Learn more about nss_wrapper...

Network name resolution.

Applications believe in DNS resolution. nss_wrapper allows them to believe in your twist of their reality and seamlessly blend addresses they get through socket_wrapper with DNS resolution of their host names.
Learn more about nss_wrapper...

Privilege separation.

File serving applications often need a privilege separation to be able to switch to the connecting user identity and do required file operations. uid_wrapper convincingly lies to the applications, letting them to believe they are operating as root and even switching between uids and gids as needed.
Learn more about uid_wrapper...

DNS queries.

It is likely that if you have a server/client architecture, you need to do DNS queries or a third party library, like Kerberos needs to be able to do queries. In the case of Kerberos the client needs to lookup the address of the KDC via a SRV record. resolv_wrapper is able to either redirect all DNS queries to your DNS server implementation, or fake DNS replies!
Learn more about resolv_wrapper...

Testing PAM.

This tool makes it easy to either test an application that uses pluggable authentication modules (PAM) to authenticate a user, or to develop test cases to make sure that a PAM module under development is working correctly. It enables developers to create unit tests for their PAM-using code in a simple manner.
Learn more about pam_wrapper...

Dropping privileges.

This tool allows you to avoid drop privileges and limiting resources by wrapping the calls responsible like chroot or setrlimit.
Learn more about priv_wrapper...


priv_wrapper 1.0.1

A new version of priv_wrapper has been released address issues on PPC64.

read more

socket_wrapper 1.3.5

A new version of socket_wrapper, a tool to create artifical networks has been released. This fixes several small issues.

read more

priv_wrapper 1.0.0

Initial release for privilege dropping wrapper.

read more

cwrap is an open source project, feel free to use it, share with love, if you want to collaborate just contact us.