[clug] Process sandboxing
jm
jeffm at ghostgun.com
Thu Jul 14 18:08:53 MDT 2011
I did find a couple of articles talking about the chromium use of
seccomp. The implementation is made available at
http://code.google.com/p/seccompsandbox/ . I also found this
http://chdir.org/~nico/seccomp-nurse/ which appears, at least as first
glance to be an implementation of the same idea in a more generalised
form. It has a nice diagram to help explain to concept to boot. Though
it makes more sense after having read
http://www.imperialviolet.org/2009/08/26/seccomp.html
This seems to be the best fit to the problem at hand. Virtualisation
doesn't solver the problem, after looking into it, as it's too heavy
handed and you can't limit the script down to only being able to talk to
your master program and not open network connections etc (it's a
different form of isolation than I'm after). selinux does seem to be
able to do what I want, but I think it would take me for ever to for me
to get it to work and have confidence in it. Plus I'd have have to lock
down the entire machine which would make it much harder to do other
things and slow progress to a crawl.
In short, these seccomp tools seem to be worth downloading and
investigating further. In the meantime, it's back to the day job.
Jeff.
On 14/07/11 2:19 PM, Ben Nizette wrote:
> This is more or less what the seccomp kernel extension is supposed to do (I've not used it myself). The risk is that this mechanism is too restrictive and not sufficiently configurable - that's certainly what the Chrome people were saying when they looking in to seccomp for their sandbox. Might work for your app though.
>
> --Ben.
>
More information about the linux
mailing list