[clug] Process sandboxing
jk at ozlabs.org
Thu Jul 14 19:05:40 MDT 2011
> Anyone have any thoughts on sand boxing a process on linux?
I recently saw a demo of arkose:
Stéphane was using it to run skype, but with only the privileges it
needed - NATted-network, restricted access to the X server, and isolated
from the real filesystem (but shared access to ~/.Skype).
It's available in Natty (as version 0.3.2), but there has been a lot of
development lately, so you may want to check out later releases.
Would this suit what you're doing?
More information about the linux