[clug] Process sandboxing

jm jeffm at ghostgun.com
Wed Jul 13 21:43:34 MDT 2011

Anyone have any thoughts on sand boxing a process on linux? I was 
originally thinking of using chroot, but this still leaves network 
access and a few other holes open. The objective is to allow untrusted 
third parties to upload scripts to a server for it to run with the only 
way to communicate out being via functions I provide. It seems all the 
most common scripting languages make it nearly impossible to easily 
remove/limit functionality from the language. So the overhead of going 
that way would be a killer most likely involving modifying the 
interpreter for each language used. The alternative would be to get the 
OS to limit what the scripts can do.  Alright over to you guys.


More information about the linux mailing list