Re: Malicious root user sandboxing

2020-05-25 Thread Ed Maste
On Mon, 25 May 2020 at 14:00, Ihor Antonov wrote: > > I was looking at Capsicumizer and it looks very interesting. > The only reason I was hesitant is that this is an external application, not a > FreeBSD core. Is it going to be included in FreeBSD in some distant future? There are no explicit pl

Re: Malicious root user sandboxing

2020-05-25 Thread Ihor Antonov
On Monday, 25 May 2020 09:37:19 PDT Ed Maste wrote: > On Sat, 16 May 2020 at 20:02, Ihor Antonov wrote: > > Hello FreeBSD Community, > > > > I am looking for possible options to sandbox an untrusted application that > > runs with root privileges. > > > > I can't use Jails or Capsicum as modifica

Re: Malicious root user sandboxing

2020-05-25 Thread Ed Maste
On Sat, 16 May 2020 at 20:02, Ihor Antonov wrote: > > Hello FreeBSD Community, > > I am looking for possible options to sandbox an untrusted application that > runs with root privileges. > > I can't use Jails or Capsicum as modification of the application is outside of > the scope of my task and a

Re: Malicious root user sandboxing

2020-05-21 Thread Eugene Grosbein
21.05.2020 12:16, Ihor Antonov wrote: > Jails have a lot of drawbacks too. [skip] > I tried jails and was left disappointed. Just use sysutils/ezjail from ports that hides all the hassle and does it all for you, so you need to perform installworld for the host system only. >> Also, shared PAM

Re: Malicious root user sandboxing

2020-05-20 Thread Ihor Antonov
On Saturday, 16 May 2020 17:28:46 PDT Eugene Grosbein wrote: > 17.05.2020 7:02, Ihor Antonov wrote: > > So far it seems that my endeavor is doomed. Any comments or suggestions > > are > > appreciated. > > You'll need to write and test lots of kernel-level code to achieve this. > > I'd suggest you

Re: Malicious root user sandboxing

2020-05-16 Thread Eugene Grosbein
17.05.2020 7:02, Ihor Antonov wrote: > So far it seems that my endeavor is doomed. Any comments or suggestions are > appreciated. You'll need to write and test lots of kernel-level code to achieve this. I'd suggest you re-think your decision about jails because it seems jails can really be the

Malicious root user sandboxing

2020-05-16 Thread Ihor Antonov
Hello FreeBSD Community, I am looking for possible options to sandbox an untrusted application that runs with root privileges. I can't use Jails or Capsicum as modification of the application is outside of the scope of my task and application needs to share the file system with some other ap