[Plash] What sandboxing would be the best?

From: xavierpij
Subject: [Plash] What sandboxing would be the best?
Date: Thu, 30 Apr 2009 19:43:36 +0000 (GMT)
Hello,

Recently I had the idea to make an application packaging, sandboxing, and
distribution system, similar to klik2 (see
http://klik.atekon.de/wiki/index.php/Virtualization_Options).

Essentially I want to make a system that executes an unmodified application
(such as Firefox, GIMP, VLC...) inside a COW system (as seen in the image), so
that the application can see some/all of the base system, its own files, and
its configuration files. The entire tree looks RW, so the application can write
and delete whatever it wants, but all the changes go to a separate COW folder.

This would only be necessary for existing applications. If an application is
designed specifically for this system, it could see the real filesystem but
only be able to write in its designated configuration directory. No application
can damage the computer.

That could be integrated into a Linux distribution, meaning that the users can
simply download an application, click it and run it (the whole "install" thing
seems a bit pointless :-S ). And if Wine support were added, they could even run
Windows applications as easily!

I have tried a few sandboxing methods:

1: aufs + chroot: My original idea was to mount a union filesystem somewhere
and then chroot the program there. This would be the simplest and best approach
for the COW part, but chroot jails are not very secure, so my second idea was
to add some AppArmor restrictions. The real problem is that aufs refuses to
mount anything that includes root because that would cause a recursion problem,
although that could be patched or worked around.

2: VServer (http://linux-vserver.org/): VServer is designed for running
multiple virtualized operating systems using the same kernel. It has a COW
option that maybe could be tweaked to do what I need. I wouldn't have
considered this if it weren't for the fact that Bitfrost (from the OLPC project, see
http://wiki.laptop.org/go/Bitfrost) uses it.

3: Plash: It seemed the ideal tool to use, except for a few things: first, some
things look "unpolished", and there doesn't seem to be a lot of information
available, compared to other methods; second, and that's the important thing,
according to http://article.gmane.org/gmane.comp.security.plash/104, it seems
the COW part is not yet implemented.

So, what do you think would be the best approach?