reproduce-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[task #15701] Sandboxing the execution of the project

From: Mohammad Akhlaghi
Subject: [task #15701] Sandboxing the execution of the project
Date: Wed, 29 Jul 2020 06:40:59 -0400 (EDT)
User-agent: Mozilla/5.0 (Linux; Android 7.0; SM-A510F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 
Follow-up Comment #9, task #15701 (project reproduce):

This is interesting Mohammad-reza, thanks ;-).

I had a fast look in its How Jail works
<http://www.jmcresearch.com/projects/jail/design.html> page and noticed this:
"Jail is a login tool. Jail works as a wrapper to the user shell, so when the
user log in the machine Jail is launched, and the chrooted environment is
activated. Then, Jail execs the real user shell, so he gets his session in the
server."

If I understand correctly, it requires a log-in by the user and wraps over
their shell. We can't force users to do this! A principle of Maneage is to
have no effect on the host ;-).

You also mentioned one-time engagement of root privilege, which we also can't
assume in Maneage.

Please correct me if I am wrong ;-).

    _______________________________________________________

Reply to this item at:

  <https://savannah.nongnu.org/task/?15701>

_______________________________________________
  Message sent via Savannah
  https://savannah.nongnu.org/
reply via email to
[Prev in Thread] Current Thread [Next in Thread]