[clug] Process sandboxing

jm jeffm at ghostgun.com
Thu Jul 14 23:44:28 MDT 2011

Interesting idea. Doesn't appear to be applicable as I'm running things 
without a GUI on a server. Although I have pinned down the exact 
requirements. I'm looking to lock out everything except communication to 
the master program, CPU cycles, memory, and filesystem which are all 
limited. This make the approach of locking of everything the adding 
things back in more appropriate. It would be good if arkose (or 
something similar) see wide spread use in the desktop arena.

thanks anyway,
On 15/07/11 11:05 AM, Jeremy Kerr wrote:
> Hi Jeff,
>> Anyone have any thoughts on sand boxing a process on linux?
> I recently saw a demo of arkose:
>   https://launchpad.net/arkose
> Stéphane was using it to run skype, but with only the privileges it
> needed - NATted-network, restricted access to the X server, and isolated
> from the real filesystem (but shared access to ~/.Skype).
> It's available in Natty (as version 0.3.2), but there has been a lot of
> development lately, so you may want to check out later releases.
> Would this suit what you're doing?
> Cheers,
> Jeremy

More information about the linux mailing list