File permissions are based on owner/group, not process, so multiple programs run by the same user are going to be able to access owned directories. However, if you create a temporary directory for each process before it runs and then chroot() it, then no process should be able to get out of its chroot jail to access other directories.
The basic notion is that the temp directory becomes the top of the directory tree as far as the process is concerned. The process doesn't know about, nor can it change to, anything above it. Otherwise it can read/write, create/delete whatever to its heart's content in its sandbox.
For instance:
/rundir
/rundir/temp1 <-- process 1 chroot jailed here, can't go above
/rundir/temp2 <-- process 2 chroot jailed here, can't go above
See also "man 8 chroot".
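The per-process jail described above, written out as an added C example (not code from the answer or from any project): it creates /rundir/tempXXXXXX, chroot()s into it, chdir()s to the new "/" and drops to an unprivileged uid/gid, since a process that stays root inside a chroot is not contained. It assumes the parent directory (such as /rundir) already exists, that the caller starts as root (chroot() needs CAP_SYS_CHROOT), that uid/gid 65534 is the system's "nobody", and that the program to run afterwards has already been copied into the temp directory.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Constructed example: a per-process chroot jail under a parent such as /rundir. */
enum { JAIL_OK = 0, JAIL_EMKDIR = 1, JAIL_ECHROOT = 2, JAIL_EDROP = 3 };

/* Create a fresh private directory for this process, e.g. /rundir/tempAbC123,
 * owned by the uid/gid the process will run as (mkdtemp creates it mode 0700). */
int make_jail_dir(const char *parent, uid_t uid, gid_t gid, char *out, size_t outlen) {
    if (snprintf(out, outlen, "%s/tempXXXXXX", parent) >= (int)outlen) return -1;
    if (mkdtemp(out) == NULL) return -1;          /* fails if the parent does not exist */
    return chown(out, uid, gid);                  /* the jailed process owns its sandbox */
}

/* Make `dir` the process's root, then drop root so the jail actually holds. */
int enter_jail(const char *dir, uid_t uid, gid_t gid) {
    if (chroot(dir) != 0) return JAIL_ECHROOT;    /* needs CAP_SYS_CHROOT */
    if (chdir("/") != 0) return JAIL_ECHROOT;     /* cwd must not be left outside the new root */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0) return JAIL_EDROP;
    if (setuid(0) == 0) return JAIL_EDROP;        /* regaining root means the drop did not hold */
    return JAIL_OK;
}

/* Create the directory and jail the calling process in it; returns a JAIL_* code. */
int jail_here(const char *parent, uid_t uid, gid_t gid) {
    char dir[PATH_MAX];
    if (make_jail_dir(parent, uid, gid, dir, sizeof dir) != 0) return JAIL_EMKDIR;
    return enter_jail(dir, uid, gid);
}

/* Usage (as root): ./jail /rundir /prog args...   /prog is a path inside the jail. */
int main(int argc, char **argv) {
    if (argc < 3) {
        fprintf(stderr, "usage: %s <parent-dir> <program-inside-jail> [args...]\n", argv[0]);
        return 2;
    }
    int rc = jail_here(argv[1], 65534, 65534);    /* 65534 = "nobody" is an assumption */
    if (rc != JAIL_OK) {
        perror(rc == JAIL_EMKDIR ? "mkdtemp" : rc == JAIL_ECHROOT ? "chroot" : "drop privileges");
        return 1;
    }
    execv(argv[2], argv + 2);                     /* resolved relative to the new root */
    perror("execv");
    return 1;
}
```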
Sounds like you want something like the Linux equivalent of the FreeBSD Jail, or at least something quite similar. This blog posting contains the description of a tool with the same name at least.
You could use a kernel patch like Grsecurity (there are others that could do the job, I think, look for SELinux and AppArmor) to enforce RBAC (role-based access control) for a certain process.
I think using a security-enhanced kernel is a must, given your usage scenario.
Wow, this sounds almost magical. Hardly a programming question.