similar to: limit memory and CPU when using libvirt-sandbox

I'm trying to build libvirt-sandbox under ubuntu 12.10 sudo apt-get install git build-essential lxc libvirt-bin libvirt-glib-1.0 libglib2.0-0 libglib2.0-dev gtk-doc-tools libxml2-dev libselinux-dev git clone git://libvirt.org/libvirt-sandbox.git cd libvirt-sandbox sudo ./autobuild The error I'm getting: make[2]: Entering directory `/home/user/libvirt-sandbox/build/bin' CC

I hope this question isn't considered too off topic for this list, I am trying to reach the libvirt-sandbox developers, but I could not find a libvirt-sandbox specific mailing list, and it seemed to me that libvirt-sandbox was a part of libvirt itself. I am trying to port libvirt-sandbox to run on a CentOS 6.5 system. This wasn't too hard but, I had to do the following: I have used the

Dear all, I have been trying to set up the set up Libvirt Sandbox without success. I want to use virt-sandbox in order to run untrusted programs in a secure environment. I am had no knowledge about virtualization until a couple of days ago, so I am probably doing something wrong. The scenario is the following: Linode instance. OS that I have tried: Ubuntu 14.04, Ubuntu 14, Fedora 21. Both

Hi, The systrace and rlimit sandboxes have been committed and will be in snapshots dated 20110623 and later. This diff adds support for pre-auth privsep sandboxing using the OS X sandbox_init(3) service. It's a bit disappointing that the OS X developers chose such as namespace-polluting header and function names "sandbox.h", "sandbox_init()", etc. It already forced me to

I'm attempting to build/use libvirt-sandbox on Ubuntu 12.xx. Although I'm still working through dependency issues (including the need for libvirt >= 1.0.2 which is not packaged for ubuntu 12.xx) to build the sandbox code, I have a forward looking question. It appears libvirt-bin for Ubuntu likes apparmor as does most Ubuntu based packages using a LSM impl. However, as I understand

On 01/13/2014 04:50 PM, Michal Privoznik wrote: > On 13.01.2014 16:10, Ivan Gooten wrote: >> hi, >> >> recently i've been busy with libvirt(d) v1.2.0 on armhf and i see, even >> if selinux sec driver is enabled on the configure stage, the driver is >> not finally created. these configure parameters are: >> >> --with-selinux >>

https://bugzilla.mindrot.org/show_bug.cgi?id=2011 Bug #: 2011 Summary: sandbox selection needs some kind of fallback mechanism Classification: Unclassified Product: Portable OpenSSH Version: 6.0p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2

Is it possible to use virt-sandbox to confine X applications? Dave

Z-Man, DHH recently said: "And [_why''s] latest work on sandbox looks stellar. Making it drop-dead easy to run multiple Rails applications in the same Mongrel process without conflicts. Thumbs up to both him and Matz for getting Sandbox on track for inclusion with the next Ruby release." Does that mean what I think it means - that one or more Mongrel processes may one day be

Is there any documentation/tutorial that explains how to use virt-sandbox-service? After looking at some writeups about virt-sandbox-service, this looks like a good tool for something I need to do. But, following the "examples" I cannot get anything to work correctly. With a simple xfce install with httpd, lighttpd, and libvirt-sandbox installed, I tried: 1. virt-sandbox-service

于 2014年08月21日 20:58, Eric Blake 写道: > On 08/21/2014 01:38 AM, Qiang Guan wrote: >> Hi guys, >> >> It seems libvirt disable SELinux driver by default. > You need to provide more details to substantiate your claim. What > platform are you running on, and what version of libvirt? Did you build > it yourself or are you using the pre-built distro version? > >

Hi. This is mostly hypothetical, just because I want to see how knowledgeable people would go about achieving it: I want to sandbox Mozilla Firefox. For the sake of example, I'm running it under my own user account. The idea is that it should be allowed to connect to the X server, it should be allowed to write to ~/.mozilla and /tmp. I expect some configurations would want access to audio

Hi guys, It seems libvirt disable SELinux driver by default. How to enable SELinux driver for libvirt? -- ------------ Jackie Best Regards

Hi all. I have an old windows VM with an oldish cygwin that I use for the regression tests. Investigating one of the test failures, I see that it's for UsePrivilegeSeparation=sandbox, and it seems to be because setrlimit(RLIMIT_FSIZE, ...) is not supported. IMO, this isn't a big loss, since the most useful thing in the rlimit "sandbox" is the descriptor limits. Can anyone see

Dear all, I want to have a view of lxc CPU usage in openstack Dashboard. According the Openstack official site , Openstack Ceilometer can poll libvirt daemon to obtain CPU usage of a virtual machine. I tried the command locally on the libvirtd host "virsh -c lxc:/// domjobinfo", I got an error "error: this function is not supported by the connection driver:

Hi, This patch (relative to -HEAD) defines an API to allow sandboxing of the pre-auth privsep child and a couple of sandbox implementations. The idea here is to heavily restrict what the network-face pre-auth process can do. This was the original intent behind dropping to a dedicated uid and chrooting to an empty directory, but even this still allows a compromised slave process to make new

I am using the Paypal Library for ruby (http://dist.leetsoft.com/api/paypal/) I have been testing it in development mode and the paypal sandbox site. Now I have moved my application into production mode but the paypal url still goes to the sandbox site: https://www.sandbox.paypal.com/cgi-bin/webscr How do I change the paypal URL? -- Posted via http://www.ruby-forum.com/.

Again, I have another program that will not run Live with Wine, but if I run it as root it does run. It seems as if this "Running Live" issue is being ignored, although Running Live is a common feature with many Linux distros and is one great security environment vs. Running off hard disk. Yet having to run as root to get apps going in Live environment is occurning with more apps as I

Recently I''ve found out some mentions to the "--sandbox" parameter to the "rails console" command. And I found the idea interesting, but since I''m using Sequel instead of ActiveRecord I guessed this wouldn''t work for me. But after talking about this subject in the Sequel mailing list, Jeremy Evans has brought to my attention that there are some

I was wondering if the following attack would be feasible once I'm able to break into rlimit sandbox. Because sandboxed process that handles unauthenticated session is running as the 'sshd' user I was wondering if this could be used to jump between processes using ptrace(2). For example if I find a bug in the code executed before authentication I could use ptrace(2) to attach to