Hi,
Is there an example for a config file needed to create a sandbox?
I'm using ubuntu 12.04 (can use any other version if required).
I need to execute untrusted code inside a sandbox with lxc-execute.
libvirt-sandbox seems to be what I need but it's not available in ubuntu
and doesn't support limiting ram and cpu.
https://www.berrange.com/posts/2012/01/17/building-application-sandboxes-with-libvirt-lxc-kvm/
Is there an equivalent in lxc tools?
Is there a plan for something like a lxc-sandbox command?
Basically I want to disable everything and allow only the minimum to
compile and execute simple scripts.
I've started with the following config file but I don't know what else need
to be prevented or changed to protect the host.
Does anyone have a config file he can share?
Thanks
lxc.network.type = empty
lxc.cgroup.cpu.shares = 1234
lxc.cgroup.memory.limit_in_bytes = 10M
lxc.cgroup.memory.memsw.limit_in_bytes = 20M
lxc.cgroup.devices.deny = a
lxc.cap.drop = audit_control audit_write chown dac_override
dac_read_search fowner fsetid ipc_lock ipc_owner kill lease linux_immutable
mac_admin mac_override mknod net_admin net_bind_service net_broadcast
net_raw setgid setfcap setpcap setuid sys_boot sys_chroot sys_module
sys_nice sys_pacct sys_ptrace sys_rawio sys_resource sys_time sys_tty_config
#lxc.cap.drop = sys_admin syslog
------------------------------------------------------------------------------
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. ON SALE this month only -- learn more at:
http://p.sf.net/sfu/learnnow-d2d
_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
