tsgates/mbox: A lightweight sandbox tool for non-root users edit / delete

seccomp-based syscall redirection (it's a bit more than just sandboxing; you could do debug/trace stuff with this technique too).

to linux sandbox seccomp security software syscall ... on 28 February 2016

9vx edit / delete

"9vx is a port of the plan 9 operating system to freebsd, linux, and os x, using the vx32 sandboxing library to run "user" programs."

to linux os plan9 portability sandbox virtualisation ... on 23 March 2015

System Hardening - The Chromium Projects edit / delete

A nice overview of all the application hardening facilities used on ChromiumOS.

to chromium container hardening linux sandbox security ... on 22 July 2014

Rami Rosen edit / delete

Some good presentations on Linux container facilities. (Horrid Javascript-based site, though.)

to container linux programming sandbox security ... on 11 July 2014

linux-user-chroot - setuid helper for making bind mounts and chrooting edit / delete

Not a million miles from one of the sandboxing ideas I wanted to play with -- although this comes with some significant security caveats.

to build-systems chroot linux sandbox security ... on 24 October 2013

Browser bookmarks: tasty+ | tasty= Log in | Export | Atom