Displaying 20 results from an estimated 10000 matches similar to: "R in a sandbox/jail"
2010 May 19
4
R in sandbox/jail (long question)
Hello,
I have a setup similar to Rweb ( http://www.math.montana.edu/Rweb/ ):
I get R scripts from users and need to execute them in in a safe manner (they are executed automatically, without human inspection).
I would like to limit the user's script to reading from STDIN and writing to STDOUT/ERR.
Specifically, preventing any kind of interaction with the underlying operating system (files,
2001 Apr 09
0
Running 'ssh' and 'scp' from a chroot jail (sandbox)
I have a need to have users SSH into a server where they are limited to a
chroot jail (sandbox). Once they are there, they need to be able to execute
'ssh' and 'scp' to other systems.
I've no problem setting up the basic chroot jail and providing basic
functionality (ls, cat, less, etc). The part that is stopping me is setting
it up so that that user can then 'ssh'
2013 Feb 12
2
problem stoping jails with jail(8), jail.conf and mount.fstab
Hello,
on 9.1-R, I highly appreciate the new jail(8) and jail.conf
capabilities. Thanks for that extension!
But I have one problem: If I want to stop a jail with 'jaill -r
jailname', I get "umount: unmount of /.jail.jailname failed: Device busy"
It seems to me that the order of fstab.jailname entries are not reverted
by jail(8) when shutting down/umounting.
My C skills
2006 Dec 19
3
/etc/rc.d/jail: losing IPs if jail_x_interface set and syntax error in jails /etc/rc?
Hi *,
I recently triggered an error when setting up a jail-host: I configured
the jail(s) like evry jail I set up in the past:
On the jail-hosts /etc/rc.conf:
# ---- Jail-Globals ----
jail_enable="YES" # Set to NO to disable starting of any jails
jail_list="ftp mx1 relay" # Space separated list of names of jails
2007 Aug 17
1
Jailed X applications
Hello.
Has anyone here ever successfully set up a jail for X apps, connecting
to an external X server? I'm trying an experimental sandbox setup here.
I have a jail running on an aliased IP on my local machine and X
programs connect out of the jail to my local X server via an SSH
tunneled TCP connection. All other packets to and from the jail are
denied by the packet filter. The trouble I am
2003 Sep 10
2
jail + postgresql + System V IPC
HI everyone,
I have resently installed a jail environment on my freebsd box, and had some
problems getting postgresql running under it.
After looking a bit on various mailinglists i figured out that I needed to
set jail.sysvipc_allowed to be 1 using sysctl in order to make postgresql
run.
However man jail gives me:
jail.sysvipc_allowed
This MIB entry determines whether or not
2005 Aug 26
1
Filtering jail IP traffic
Hi,
IP traffic from one jail to another jail, arrives on destination jail on
lo0 having the destination jails IP as source IP. Why not the source
jail's IP address?
How can I filter traffic from one jail to another, using ipfw of ipf?
Cheers,
--
Anders.
2005 Jun 27
1
running jail with alternate IP
I am currently setting up a firewall that translates my internal network
over to 5 public IP addresses. The addresses are dynamically assigned, so I
use ddclient to update my www.dyndns.org account. I've set up several
aliases on the external interface of the firewall, and succeeded in having
the internal computers use those extra public IPs.
What I want to do is have 5 copies of ddclient
2009 Jan 08
2
Problems with network in jail
Hi all,
Is it mandatory to add device mem to jails to enable network via the gateway?
Left ezjail with FreeBSD-6.3 (and a hardware replacement of my server)
and am now starting again with FreeBSD-7.1.
Early this week, I upgraded from 7.0 to 7.1 (not having 'used' jails
on 7.0). After creating the jail with
`ezjail-admin update -i`
I created a 'ports build' jail
`ezjail-admin
2008 Jan 13
1
Can TFTPD run in a chroot jail?
Hi,
I've been struggling with this problem for the last couple of hours and am
nowhere near solving the problem. I am trying to run a tftp server in a
chroot jail. Now perhaps I am being paranoid, but I would like to have it
launched from within its own jail even if it supposedly does a chroot itself
and runs with a parameterizable user.
I downloaded the atftp-server package and tried
2008 Feb 24
2
A simple rc.d jail patch to enable priority
Hello,
I have written this tiny little patch to the jail rc.d script, which
allows user to set jail nice value. It doesn't change any default
behaviour.
Can that make it to the trees?
Patch attached.
--
Jan Srzednicki :: http://wrzask.pl/
"Remember, remember, the fifth of November"
-- V for Vendetta
-------------- next part
2008 Feb 24
2
A simple rc.d jail patch to enable priority
Hello,
I have written this tiny little patch to the jail rc.d script, which
allows user to set jail nice value. It doesn't change any default
behaviour.
Can that make it to the trees?
Patch attached.
--
Jan Srzednicki :: http://wrzask.pl/
"Remember, remember, the fifth of November"
-- V for Vendetta
-------------- next part
2005 Jul 03
2
bind() on 127.0.0.1 in jail: bound to the outside address?
Dear folks,
It seems that doing bind() inside a jail (whose IP address is an outside
address), will result in some wierd behavior, that the actual bind is
done on the outside address.
For example, binding to 127.0.0.1:6666 inside a jail addressed 192.168.1.1,
will finally result in a bind to 192.168.1.1:6666. With this in mind,
it is possible that some formerly secure configuration fail in jail
2005 May 24
1
Jail support for mac_portacl(4).
Hi.
When we don't have too many IP addresses available and we want to run
for example www server inside a jail, but use the same IP address as
the main system, we need to actually use an internal IP address and
forward http port with firewall from external IP to jail's IP.
In that way we know that if somebody breaks into out jail, he cannot
run sshd server (we have keys, I know) or any
2016 Apr 20
2
Backspace key does not work in a ssh chroot jail
I setup a ssh chroot jail following this[1] guide. It works for my user to login, use ls and use scp which is all I really want. I do have a problem I cannot solve: when connected and navigating the filesystem, the backspace key actually moves the cursor forward and does not delete what I type.
I may have found a hint from some googling that readline will read in /etc/inputrc on login but if
2003 Dec 19
6
Configuring JAIL to bind on lo0 interface
Hello,
I have configured jail for users with sshd ftpd and auth. I started this
jail on IP 127.0.0.10(there is an alias on lo0 interface), there was
not any bigger problem to start it. But i have a problem with internet in
this jail. I can log in to this jail through ssh or ftpd but i can't
connect to the internet. I try to set up some kind of nat but it doesn't
work.
Can anybody help me
2003 Jul 10
2
jail performance questions
I'm thinking of using jails to improve security on a server
I am setting up. Specifically, I would like to put Apache/PHP
in a jail, but I might like to set up 2-3 different jails for
different purposes.
I've found several examples showing how to set the jails up.
My questions involve system requirements. Assuming plenty of
disk space, 1GB ram and a dual processor PIII 1.13Ghz
2005 Jul 13
2
mijail- Multiple IP's in a Jail
I have searched around the lists and Google and found this
HYPERLINK
"http://people.freebsd.org/~pjd/patches/jail_2004120901.patch"http://people.
freebsd.org/~pjd/patches/jail_2004120901.patch
I was wondering if anyone know of a multiple IP patch that works with
FreeBSD 5.4
I really do not understand why this is not included in the standard jail
I mean sure jail is handy for
2004 Aug 06
2
Placing Icecast in a chroot jail
Hi,
(Sorry for the long email)
As a bit of a learning exercise, I'm trying to place the icecast daemon
in a chroot jail. I've been mostly sucessful: I can get icecast to
serve the default stream from its jail, however I can't get multiple
streams to work.
I think the problem is that icecast can't resolve addresses in the jail,
however I do have an etc/hosts file and
2012 Dec 12
1
How to create Jail in FreeBSD
Operating system virtualization is the most effective way to utilize your system resources, jails let you setup isolated mini-systems. Jails are explains well in handbook however, from practical standpoint of view, the presented material is incomplete.
The post below setup few scrips that follow handbook's 'Application of Jails' article and enhance with few missing features