[clug] Process sandboxing

Jeremy Kerr jk at ozlabs.org
Thu Jul 14 19:05:40 MDT 2011


Hi Jeff,

> Anyone have any thoughts on sand boxing a process on linux?

I recently saw a demo of arkose:

 https://launchpad.net/arkose

Stéphane was using it to run skype, but with only the privileges it
needed - NATted-network, restricted access to the X server, and isolated
from the real filesystem (but shared access to ~/.Skype).

It's available in Natty (as version 0.3.2), but there has been a lot of
development lately, so you may want to check out later releases.

Would this suit what you're doing?

Cheers,


Jeremy



More information about the linux mailing list