Posted Feb 2, 2010 16:10 UTC (Tue) by michaeljt (subscriber, #39183)
In reply to: Sanboxing by cmccabe
Parent article: Security in the 20-teens

A dumb follow-up question, but one that has been on my mind for a while: are there any (more or
less) simple ways a *user* process can drop its privileges and enter a sandbox voluntarily without
using something as heavy duty as SELinux? Like setting the RLIMIT_NOFILE hard limit to one after it
has opened all files and sockets it needs? I am assuming of course that it is a true user process,
not setuid root or whatever.
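A worked example of the self-imposed RLIMIT_NOFILE lockdown the question above describes, added here as an illustration and not code from the original comment or from LWN; the helper names lock_down_fds and open_after_lockdown are my own, and it assumes a Linux/POSIX system:

```c
/* Added example: a user process voluntarily locking itself out of new
 * file descriptors with RLIMIT_NOFILE. Helper names are hypothetical. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Lower both the soft and hard RLIMIT_NOFILE to 1. Descriptors that are
 * already open stay usable; only allocation of *new* descriptors numbered
 * >= 1 fails with EMFILE. An unprivileged process cannot raise the hard
 * limit again, so the lockdown lasts for the rest of its lifetime. */
static int lock_down_fds(void)
{
    /* Edge case: fd 0 must be occupied, otherwise the kernel could still
     * hand out fd 0 to a later open() even with a limit of 1. */
    if (fcntl(0, F_GETFD) == -1 && errno == EBADF) {
        if (open("/dev/null", O_RDONLY) != 0)
            return -1;
    }
    struct rlimit rl = { .rlim_cur = 1, .rlim_max = 1 };
    return setrlimit(RLIMIT_NOFILE, &rl);
}

/* Runs the lockdown in a forked child so the caller keeps its own limits.
 * Returns the errno the child saw when it tried open() after locking down
 * (EMFILE when the sandbox holds), 0 if open() unexpectedly succeeded,
 * 255 if the lockdown itself failed, or -1 on fork/wait failure. */
int open_after_lockdown(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (lock_down_fds() != 0)
            _exit(255);
        int fd = open("/dev/null", O_RDONLY);
        if (fd >= 0)
            _exit(0);            /* sandbox did not hold */
        _exit(errno & 0xff);     /* report why open() failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    int e = open_after_lockdown();
    printf("open() after lockdown: errno %d (%s)\n", e,
           e == EMFILE ? "EMFILE, as intended" : "unexpected");
    return e == EMFILE ? 0 : 1;
}
```

Note that this only blocks new descriptors (files, sockets, pipes, dup); it does nothing about memory, signals, ptrace or the files already open, so it is one small layer, not a complete sandbox.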



Posted Feb 2, 2010 18:52 UTC (Tue) by drag (subscriber, #31333) [Link]

Use LXC.

I can set up an LXC container as root that then can be safely used by users.
This is done through Linux file capabilities and does not require any
setuid programs or anything to be done.

It's as simple as running 'debootstrap' in a directory, installing firefox
into it, and then setting up a lxc configuration.

From then on users can execute firefox from that environment, using their
own UIDs and such, and have the output passed to Xephyr or to their own X

I've done it. It works, it is fast, and unlike chroot it does not require
root rights and is designed for security. It has various levels of
isolation you can set up.

Unlike SELinux it's easy to understand and for mortals to understand.

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds