Tutorial: How to launch a process on Linux with highly restricted privileges?



Question:

I'd like to (from code) launch a process with highly restricted privileges.

  • Can save files, but only in its own folder and limited to a quota.
  • Can use memory, within a quota.
  • CPU time (including any subprocesses it launches) is limited to a quota.
  • Can't talk with any other process except its own and the interface to my controller program via stdin/out.
  • Can't interact with any devices.
  • Can't see anything else on the network.

(I'm building a grid-esque system. The launched code may be hostile.)

Here's what I've got so far...

  • In advance, create some users, grid00-grid99. Give each one disk/memory/CPU quota as configured.

To launch a process...

  • Pick an unused gridxx user.
  • Make a folder inside the user's home folder.
  • Hard link /bin, /usr, etc. in that folder.
  • Make a new /home/gridxx and /tmp folders in that folder.
  • Copy in the program files.
  • Switch to the gridxx user.
  • chroot to the new folder.
  • Launch the new process.

Have I missed anything?

Many thanks.


Solution:1

The standard resource usage limits (via ulimit) can handle the first three, and SELinux can handle the other three. Simply create a new domain for the application, assign the proper permissions, and away you go (but not it).


Solution:2

It sounds like you're looking for something like the FreeBSD jail feature. (That's for FreeBSD of course, but that page has links to similar technologies for Linux.)


Solution:3

You should be able to accomplish that with ulimit, chroot, disk quotas, and a firewall. Limiting all forms of "talking" (IPC) is hard. In the end you may want to go with a set of virtual machines.
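As an added example (not from the question or from any of the answers), here is how the asker's per-launch steps and the ulimit/chroot part of Solutions 1 and 3 look in a Python launcher using only the standard library. It assumes Linux, that the gridNN users and the jail directory already exist as the question describes, and that the caller is root when it asks for the chroot and user switch; the unprivileged demos at the bottom skip that step and only exercise the quotas over the stdin/stdout interface. All names (DEFAULT_LIMITS, drop_into_jail, launch, the demo_* functions) are hypothetical, chosen for this example.

```python
import os
import pwd
import resource
import signal
import subprocess
import sys

# Soft/hard pairs. The hard limit is the real quota: once lowered, the child
# (running as an ordinary user) cannot raise it again.
DEFAULT_LIMITS = {
    resource.RLIMIT_CPU: (5, 6),                     # CPU seconds: SIGXCPU at soft, SIGKILL at hard
    resource.RLIMIT_AS: (512 * 1024 * 1024,) * 2,    # address space, the "memory quota"
    resource.RLIMIT_FSIZE: (16 * 1024 * 1024,) * 2,  # largest file it may write
    resource.RLIMIT_NOFILE: (64, 64),                # open descriptors
    resource.RLIMIT_NPROC: (16, 16),                 # processes, counted per real uid system-wide
    resource.RLIMIT_CORE: (0, 0),                    # no core dumps written into the jail
}
SIGXCPU_EXIT = -int(signal.SIGXCPU)  # subprocess reports death-by-signal as a negative returncode


def apply_limits(limits):
    """Lower every limit; never try to raise a hard limit above the current one."""
    for res, (soft, hard) in limits.items():
        _, cur_hard = resource.getrlimit(res)
        if cur_hard != resource.RLIM_INFINITY:
            hard = min(hard, cur_hard)
        resource.setrlimit(res, (min(soft, hard), hard))


def drop_into_jail(user, root_dir):
    """chroot, then become the gridNN user. Order matters: chroot needs root, and the
    uid drop is what stops the child from walking back out of the chroot as root."""
    pw = pwd.getpwnam(user)
    os.chroot(root_dir)
    os.chdir("/")                                   # cwd must not stay outside the new root
    os.setgroups([])                                # supplementary groups first (needs CAP_SETGID)
    os.setresgid(pw.pw_gid, pw.pw_gid, pw.pw_gid)
    os.setresuid(pw.pw_uid, pw.pw_uid, pw.pw_uid)   # real, effective and saved uid: no way back
    try:
        os.setuid(0)                                # must fail; success means the drop was incomplete
    except PermissionError:
        return
    raise RuntimeError("privilege drop incomplete: child could regain uid 0")


def launch(argv, *, user=None, root_dir=None, limits=DEFAULT_LIMITS):
    """Start argv sharing only stdin/stdout/stderr pipes with the controller.
    user/root_dir are applied only when given (the caller must be root for them)."""
    if (user is None) != (root_dir is None):
        raise ValueError("user and root_dir must be given together")

    def prepare():                                  # runs in the child between fork() and execve()
        signal.signal(signal.SIGXCPU, signal.SIG_DFL)  # an ignored SIGXCPU would defeat the CPU quota
        apply_limits(limits)
        if user is not None:
            drop_into_jail(user, root_dir)          # an exception here makes Popen fail closed

    return subprocess.Popen(
        argv,
        stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE,
        close_fds=True,                             # nothing inherited beyond fds 0, 1, 2
        env={"PATH": "/bin:/usr/bin"},              # minimal environment; paths resolve inside the jail
        preexec_fn=prepare,                         # Popen's own user= would drop uid *before* chroot
    )


def run(argv, stdin_data=b"", **kwargs):
    """Run to completion; returns (returncode, stdout, stderr)."""
    proc = launch(argv, **kwargs)
    out, err = proc.communicate(stdin_data)
    return proc.returncode, out, err


# Demonstrations (unprivileged, so no chroot/uid drop; they exercise the quotas).
ECHO = [sys.executable, "-c", "import sys; sys.stdout.write(sys.stdin.read())"]
BUSY = [sys.executable, "-c", "while True: pass"]
HOG = [sys.executable, "-c",
       "try:\n    bytearray(1 << 30)\nexcept MemoryError:\n    raise SystemExit(42)\nraise SystemExit(0)"]


def demo_echo():
    """Controller talks to the child over stdin/stdout only."""
    rc, out, _ = run(ECHO, stdin_data=b"ping\n")
    return rc, out


def demo_cpu_quota():
    """A busy loop is killed by SIGXCPU when it reaches the soft CPU limit (1 s here)."""
    rc, _, _ = run(BUSY, limits={**DEFAULT_LIMITS, resource.RLIMIT_CPU: (1, 2)})
    return rc


def demo_memory_quota():
    """A 1 GiB allocation fails under the 512 MiB address-space quota; the child exits 42."""
    rc, _, _ = run(HOG)
    return rc
```

Two points the recipe in the question does not spell out show up here. First, the chroot has to happen before the user switch (chroot needs root) and the user switch is what makes the chroot hold, since a process that stays root inside a chroot can get back out; the `os.setuid(0)` probe confirms the drop actually took. Second, rlimits are per process and inherited: a child that forks gets a fresh copy of the CPU and memory quotas rather than sharing its parent's, and RLIMIT_NPROC is counted per real uid across the whole system, which is why a dedicated gridNN user per launch is needed for it to mean anything. Nothing in this block isolates the network; that is the firewall from Solution 3 or the SELinux policy from Solution 1.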

