[clug] Process sandboxing

jm jeffm at ghostgun.com
Thu Jul 14 18:08:53 MDT 2011


I did find a couple of articles talking about the chromium use of 
seccomp. The implementation is made available at 
http://code.google.com/p/seccompsandbox/ . I also found this 
http://chdir.org/~nico/seccomp-nurse/ which appears, at least at first 
glance, to be an implementation of the same idea in a more generalised 
form. It has a nice diagram to help explain the concept to boot. Though 
it makes more sense after having read 
http://www.imperialviolet.org/2009/08/26/seccomp.html

This seems to be the best fit to the problem at hand. Virtualisation 
doesn't solve the problem, after looking into it, as it's too heavy-handed 
and you can't limit the script down to only being able to talk to 
your master program and not open network connections etc (it's a 
different form of isolation than I'm after). selinux does seem to be 
able to do what I want, but I think it would take me forever to get it 
to work and have confidence in it. Plus I'd have to lock 
down the entire machine, which would make it much harder to do other 
things and slow progress to a crawl.

In short, these seccomp tools seem to be worth downloading and 
investigating further. In the meantime, it's back to the day job.

Jeff.

On 14/07/11 2:19 PM, Ben Nizette wrote:
> This is more or less what the seccomp kernel extension is supposed to do (I've not used it myself).  The risk is that this mechanism is too restrictive and not sufficiently configurable - that's certainly what the Chrome people were saying when they were looking into seccomp for their sandbox.  Might work for your app though.
>
> 	--Ben.
>
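The restriction Jeff wants (a helper that can only talk to its master over inherited pipes and cannot open network connections) is what a seccomp syscall allow-list expresses. The strict mode that existed at the time of this thread is the "too restrictive" form Ben refers to; the configurable filter mode (SECCOMP_MODE_FILTER, seccomp-bpf, merged in Linux 3.5) is what the Chromium project and seccomp-nurse were emulating with a trusted helper thread. The following is an added example written for this page, not code from the thread, from Chromium's seccompsandbox or from seccomp-nurse. It assumes a Linux kernel with filter-mode seccomp and an x86-64 or AArch64 host; the allow-list (read, write, exit, exit_group, rt_sigreturn) and the deny action are this example's own choices.

```c
// Added example: a seccomp-bpf allow-list for a helper process that may only
// read from and write to file descriptors it inherited from its parent.
// Any other system call (socket, open, ...) kills the helper with SIGSYS.
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <signal.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

// The arch check is mandatory: syscall numbers differ between ABIs, and a
// filter that skips it can be bypassed by switching ABI (e.g. x32 on x86-64).
#if defined(__x86_64__)
#define SANDBOX_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define SANDBOX_ARCH AUDIT_ARCH_AARCH64
#else
#error "this example only encodes the x86-64 and AArch64 ABIs"
#endif

// Prefer killing the whole process (newer kernels) over the thread only.
#ifdef SECCOMP_RET_KILL_PROCESS
#define DENY_ACTION SECCOMP_RET_KILL_PROCESS
#else
#define DENY_ACTION SECCOMP_RET_KILL
#endif

// Syscalls the helper is allowed to make: talk over inherited fds, and exit.
// (Assumption of this example; a real helper adds what its workload needs.)
static const int allowed_syscalls[] = {
    SYS_read, SYS_write, SYS_exit, SYS_exit_group, SYS_rt_sigreturn,
};
#define N_ALLOWED (sizeof(allowed_syscalls) / sizeof(allowed_syscalls[0]))

// Build the classic-BPF program into `prog`; returns the number of
// instructions, or 0 if `cap` is too small.
size_t build_filter(struct sock_filter *prog, size_t cap) {
    size_t needed = 3 + 1 + 2 * N_ALLOWED + 1;
    if (cap < needed) return 0;
    size_t i = 0;
    // 1. Load arch; if it is not ours, kill.
    prog[i++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
                                            offsetof(struct seccomp_data, arch));
    prog[i++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K,
                                            SANDBOX_ARCH, 1, 0);
    prog[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, DENY_ACTION);
    // 2. Load the syscall number.
    prog[i++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
                                            offsetof(struct seccomp_data, nr));
    // 3. One compare-and-allow pair per allowed syscall.
    for (size_t k = 0; k < N_ALLOWED; k++) {
        prog[i++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K,
                                                (unsigned)allowed_syscalls[k], 0, 1);
        prog[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    }
    // 4. Default: deny.
    prog[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, DENY_ACTION);
    return i;
}

// Install the filter on the calling process. NO_NEW_PRIVS is required so an
// unprivileged process may install a filter (and so setuid cannot undo it).
int install_filter(void) {
    struct sock_filter prog[32];
    size_t n = build_filter(prog, sizeof(prog) / sizeof(prog[0]));
    if (n == 0) return -1;
    struct sock_fprog fprog = { .len = (unsigned short)n, .filter = prog };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog) != 0) return -1;
    return 0;
}

// Demo: the master forks a helper, the helper reports over a pipe and then
// tries to open a network socket, which the filter turns into SIGSYS.
int main(void) {
    int fd[2];
    if (pipe(fd) != 0) { perror("pipe"); return 1; }
    pid_t pid = fork();
    if (pid < 0) { perror("fork"); return 1; }
    if (pid == 0) {
        close(fd[0]);
        if (install_filter() != 0) _exit(2);
        const char msg[] = "helper: sandboxed, now trying socket()\n";
        write(fd[1], msg, sizeof(msg) - 1);   // allowed
        socket(AF_INET, SOCK_STREAM, 0);      // denied: process killed here
        _exit(3);                             // never reached
    }
    close(fd[1]);
    char buf[128];
    ssize_t got = read(fd[0], buf, sizeof(buf) - 1);
    if (got > 0) { buf[got] = '\0'; fputs(buf, stdout); }
    int status = 0;
    waitpid(pid, &status, 0);
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGSYS)
        puts("master: helper was killed by SIGSYS on the socket() call");
    else
        printf("master: unexpected helper status 0x%x\n", status);
    return 0;
}
```

The filter is a pure allow-list, so anything not named is denied, which is the property Jeff is after: the helper can service the pipe it inherited but cannot create a socket, open a file or exec. Compile with `gcc -Wall sandbox.c -o sandbox` and run it; to verify the policy outside the process, `grep Seccomp /proc/<pid>/status` shows `2` for a filter-mode process.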


