[clug] Process sandboxing
jeffm at ghostgun.com
Thu Jul 14 23:44:28 MDT 2011
Interesting idea. Doesn't appear to be applicable as I'm running things
without a GUI on a server. Although I have pinned down the exact
requirements. I'm looking to lock out everything except communication to
the master program, CPU cycles, memory, and filesystem, which are all
limited. This makes the approach of locking off everything then adding
things back in more appropriate. It would be good if arkose (or
something similar) sees widespread use in the desktop arena.
On 15/07/11 11:05 AM, Jeremy Kerr wrote:
> Hi Jeff,
>> Anyone have any thoughts on sand boxing a process on linux?
> I recently saw a demo of arkose:
> Stéphane was using it to run skype, but with only the privileges it
> needed - NATted-network, restricted access to the X server, and isolated
> from the real filesystem (but shared access to ~/.Skype).
> It's available in Natty (as version 0.3.2), but there has been a lot of
> development lately, so you may want to check out later releases.
> Would this suit what you're doing?
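
The deny-by-default requirement in this message (only a channel to the master program, bounded CPU and memory) can be sketched on Linux with resource limits plus strict-mode seccomp; this is an added example, not code from the thread or from arkose. The names `worker` and `run_sandboxed`, the limit values and the file path are assumptions, and strict mode denies the filesystem entirely rather than limiting it.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/resource.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical worker: squares one int from the master. With misbehave set it
 * also tries to open a file, which strict seccomp does not allow. */
static void worker(int fd, int misbehave) {
    int n = 0;
    if (read(fd, &n, sizeof n) != sizeof n) syscall(SYS_exit, 3);
    if (misbehave) (void)open("/etc/hostname", O_RDONLY); /* kernel sends SIGKILL here */
    n *= n;
    if (write(fd, &n, sizeof n) != sizeof n) syscall(SYS_exit, 3);
    syscall(SYS_exit, 0); /* glibc _exit() calls exit_group, which strict mode forbids */
}

/* Returns the worker's reply, -signal if the kernel killed it, -1000 on setup failure. */
int run_sandboxed(int input, int misbehave) {
    int sv[2], status, reply = 0;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1000;
    pid_t pid = fork();
    if (pid < 0) return -1000;
    if (pid == 0) {
        struct rlimit cpu = {2, 2}, mem = {64u << 20, 64u << 20}; /* 2 s CPU, 64 MiB */
        for (int fd = 0; fd < 1024; fd++)      /* drop every inherited descriptor */
            if (fd != sv[1]) close(fd);        /* except the channel to the master */
        if (setrlimit(RLIMIT_CPU, &cpu) || setrlimit(RLIMIT_AS, &mem) ||
            prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT)) /* read/write/exit/sigreturn only */
            _exit(2);
        worker(sv[1], misbehave);
    }
    close(sv[1]);
    send(sv[0], &input, sizeof input, MSG_NOSIGNAL);
    ssize_t got = read(sv[0], &reply, sizeof reply);
    close(sv[0]);
    waitpid(pid, &status, 0);
    if (WIFSIGNALED(status)) return -WTERMSIG(status);
    if (!WIFEXITED(status) || WEXITSTATUS(status) || got != sizeof reply) return -1000;
    return reply;
}

int main(void) { printf("%d %d\n", run_sandboxed(7, 0), run_sandboxed(7, 1)); return 0; }
```

A worker that needs more than read and write on its one descriptor would need a seccomp filter that adds back specific system calls, following the same lock-everything-then-add-back order.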