reproduce-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[task #15701] Sandboxing the execution of the project

From: Mohammadreza Khellat
Subject: [task #15701] Sandboxing the execution of the project
Date: Wed, 29 Jul 2020 05:56:40 -0400 (EDT)
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 
Follow-up Comment #8, task #15701 (project reproduce):

A quick update on this on how to create the chroot environment, in terms of
what block devices, ... would be required from /dev, .... 

A nice login shell called jail from 2001, and the discussion there,

http://www.jmcresearch.com/projects/jail/

Of course, for us, the mechanics of the perl script which would create the
minimalist chroot environment has the highest priority. This could nicely fit
to the philosophy of creating the minimalist environment required to build and
run a project.

The code can be downloaded from 
http://www.jmcresearch.com/projects/jail/

I will be working on combining this with an unprivileged user namespace. 

However, the general Idea of a jailed login shell in a server environment is
very effective and would require one-time engagement of root privilege. 

    _______________________________________________________

Reply to this item at:

  <https://savannah.nongnu.org/task/?15701>

_______________________________________________
  Message sent via Savannah
  https://savannah.nongnu.org/
reply via email to
[Prev in Thread] Current Thread [Next in Thread]