> Does any one know how I could dlopen a plugin in a sandbox? > Specifically, I want to limit the memory that it can access and > intercept any attempt to r/w the loading process' memory?
Hum.. I don't think that it is possible to do something like this in any easy way. Anything you dlopen is executing in the same process space and the kernel sees no difference between the original process and the code you've loaded. About the best that you could do is fork off another process, blank out the memory you don't want it seeing (it will be able to write stuff anyway) and use ulimit to limit the ram for the whole process. You might see if lids or linux SE has any support for such things, but I would still be surprised. All of the dlopen stuff is done completely in user space (mmap the .so as an executable section of ram, jump to the instructions there). If you do find a way, I would be interested to hear about it tough. >>>------> -- +-------------+-----------------------+---------------+ | Ed Schaller | Dark Mist Networking | psuedoshroom | +-------------+-----------------------+---------------+
pgp00000.pgp
Description: PGP signature
