Re: the easy way to sandbox?
From: Alan Cox
Date: Mon May 21 2012 - 14:50:03 EST
On Mon, 21 May 2012 09:28:13 -0700
ivo welch <ivo.welch@xxxxxxxxxxxxxxxxx> wrote:
> Suggestion: introduce a system call that eliminates access to all
> real file systems for the current process. the only permissible
> interaction would be stdin, stdout, and stderr.
>
> this would make it very simple to write a sandboxed safe fcgi script.
No it wouldn't - because of things like ptrace.
Sandboxing done right is *hard*. SELinux and the other security setups
can do it. Containers can do interesting stuff in this space. Probably
the distros sometimes need to package the tools for it better.
Take a look at some of the cloud service code people have published.
Alan
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/