Re: [RFC] [PATCH 00/13] Introduce task_pid api
From: Serge E. Hallyn
Date: Wed Dec 14 2005 - 11:28:37 EST
Quoting Arjan van de Ven (arjan@xxxxxxxxxxxxx):
> On Tue, 2004-12-14 at 15:23 +0000, Pavel Machek wrote:
> > Hi!
> >
> > > One of my wish list items would be to run my things like my
> > > web browser in a container with only access to a subset of
> > > the things I can normally access. That way I could be less
> > > concerned about the latest browser security bug.
> >
> > subterfugue.sf.net (using ptrace), but yes, nicer solution
> > would be welcome.
>
> selinux too, as well as andrea's syscall filter thing and many others.
>
> the hardest is the balance between security and usability. You don't
> want your browser to be able to read files in your home dir (Except
> maybe a few selected ones in the browsers own dir)... until you want to
> upload a file via a webform.
Yup, right now I use a separate account (not in wheel) for web browsing,
which using Janak's unshare() patch and a small pam library gets its own
namespace which can't see my dmcrypted home partition and has private
/tmp. File sharing is done through a non-standard tmp, just to prevent
scripts from using it.
Pretty convenient, but it really wants some stronger isolation. You'd
think I'd at least use my bsdjail to keep unix sockets and such safe...
Anyway, real containers would indeed be far more convenient, or at least
prettier.
-serge
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/