[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[task #15701] Sandboxing the execution of the project
From: |
Mohammadreza Khellat |
Subject: |
[task #15701] Sandboxing the execution of the project |
Date: |
Wed, 29 Jul 2020 07:21:41 -0400 (EDT) |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 |
Follow-up Comment #10, task #15701 (project reproduce):
[comment #9 comment #9:]
> If I understand correctly, it requires a log-in by the user and wraps over
their shell. We can't force users to do this! A principle of Maneage is to
have no effect on the host ;-).
>
Yeah as I mentioned, JAIL is a login shell.
And It is going to be used as the default shell of a user.
I suggest going through the full configuring Jail section. It is a quick easy
read.
But, as I mentioned at the top of my comment, the reason I shared this site is
to see what a *minimal* chroot environment is composed of.
If you remember, the discussion last time reached this point that we couldn't
do a chroot to the project's folder because some system components didn't
exist in the project folder such as /bin/bash,...
> You also mentioned one-time engagement of root privilege, which we also
can't assume in Maneage.
>
> Please correct me if I am wrong ;-).
Now getting back to my last argument, imagine the following scenario on a
server:
1- the server admin has created a user for jailed chroot. This user has
/usr/local/bin/jail as its defau;t shell in /etc/passwd or what other user
management system, the server is using.
2- You as an ordinary user login to your own shell.
3- you create a user namespace.
4- inside the user namespace, you login to that user created in step 1 and you
run your project with that user.
Of course, I am not suggesting this in general. Only, as a test in Server
environments and as a very raw idea.
_______________________________________________________
Reply to this item at:
<https://savannah.nongnu.org/task/?15701>
_______________________________________________
Message sent via Savannah
https://savannah.nongnu.org/
- [task #15701] Sandboxing the execution of the project, Mohammadreza Khellat, 2020/07/05
- [task #15701] Sandboxing the execution of the project, Mohammad Akhlaghi, 2020/07/05
- [task #15701] Sandboxing the execution of the project, Mohammad Akhlaghi, 2020/07/05
- [task #15701] Sandboxing the execution of the project, Mohammadreza Khellat, 2020/07/29
- [task #15701] Sandboxing the execution of the project, Mohammad Akhlaghi, 2020/07/29
- [task #15701] Sandboxing the execution of the project,
Mohammadreza Khellat <=
- [task #15701] Sandboxing the execution of the project, Mohammad Akhlaghi, 2020/07/29
- [task #15701] Sandboxing the execution of the project, Mohammadreza Khellat, 2020/07/30
- [task #15701] Sandboxing the execution of the project, Mohammad Akhlaghi, 2020/07/30