I'm writing a wiki which allows arbitrary code to be run in the page generation process. In order to keep this from endangering the server, my plan is to run the code within a jail within a VM.
The jail would provide lightweight file system protections; the VM would provide robust file system protections, as well as some protections against the code initiating unwanted IP connections. So, when the main wiki app receives a request for a page, it makes a request to the page generation app. The generation app should have extremely limited networking access (eg, a single port on the host machine, served by a very paranoid program). Can VirtualBox provide this kind of control? If so, where might I find information on how to set up such a configuration? -r -- http://www.cfcl.com/rdm Rich Morin http://www.cfcl.com/rdm/resume [email protected] http://www.cfcl.com/rdm/weblog +1 650-873-7841 Technical editing and writing, programming, and web development _______________________________________________ vbox-users mailing list [email protected] http://vbox.innotek.de/mailman/listinfo/vbox-users
