On 21:53 Mon 14 Feb, Jean-Francois Gagnon Laporte wrote:
> On Sun, 13 Feb 2005 01:40:16 +0100, marcin <[EMAIL PROTECTED]> wrote:
> > Hi
> >
> > I'm wondering if there is a tool under Linux which I can use to control
> > other programs. For instance I want to control network connections
> > made by some program (by "control" I mean logging or blocking). I know
> > that I can use (for example)
> >
> > #strace program
> >
> > and then I can watch when the program is using sockets or whatever but it
> > would be nice to have such a program which is blocking connections to
> > the Internet by running
> >
> > #block-inet program
> >
> > and the program wouldn't have access outside the box.
> >
> > (I know that something similar is under GNU Hurd
> > http://kerneltrap.org/node/4484)
> >
> > Is it possible under Linux?
> >
>
> Hum yeah TCPd can do that for inetd programs. Also, netfilter/iptables
> can do that on a port basis. All you have to do is to know which
> program uses which port and you're ready to go. You could use fwbuilder
> (available in portage) to help you out. Just deny everything and then
> enable what you need.
>
> Hope this helps
>
> Jean-Francois
>

I know that I can deny everything but the whole point is that I want to
deny access only to some programs. I want to build some kind of sandboxes
where I can test some suspicious programs (and I don't want to use
emulators like qemu, vmware or even usermode-kernel). I thought that maybe
there is a patch against kernel 2.4 or 2.6 but I haven't been able to find
it yet.

Thanks
Marcin

--
gentoo-user@gentoo.org mailing list