similar to: Fail to build libvirt-sandbox under ubuntu 12.10

I'm considering using virt-sandbox with lxc to sandbox and execute untrusted code like python scripts and compiled C code. Is it possible to limit CPU and Memory like is possible with lxc-execute and a config file? What are the defaults security settings? Is it completely isolated by default? What's the difference between lxc-execute and libvirt-sandbox? How can I use it in ubuntu?

Good evening everyone, I am attempting to compile Xen 4.2.1 from source on Ubuntu 12.10 and cannot for the life of me figure out what I am doing wrong. This is the script I wrote that I am running on a brand new install from ubuntu-12.10-server-amd64.iso apt-get update apt-get -y upgrade apt-get -y dist-upgrade reboot (uname -r returns back 3.5.0-23-generic) apt-get install -y build-essential

I hope this question isn't considered too off topic for this list, I am trying to reach the libvirt-sandbox developers, but I could not find a libvirt-sandbox specific mailing list, and it seemed to me that libvirt-sandbox was a part of libvirt itself. I am trying to port libvirt-sandbox to run on a CentOS 6.5 system. This wasn't too hard but, I had to do the following: I have used the

Is there any documentation/tutorial that explains how to use virt-sandbox-service? After looking at some writeups about virt-sandbox-service, this looks like a good tool for something I need to do. But, following the "examples" I cannot get anything to work correctly. With a simple xfce install with httpd, lighttpd, and libvirt-sandbox installed, I tried: 1. virt-sandbox-service

Hi all. I have an old windows VM with an oldish cygwin that I use for the regression tests. Investigating one of the test failures, I see that it's for UsePrivilegeSeparation=sandbox, and it seems to be because setrlimit(RLIMIT_FSIZE, ...) is not supported. IMO, this isn't a big loss, since the most useful thing in the rlimit "sandbox" is the descriptor limits. Can anyone see

Hi, The systrace and rlimit sandboxes have been committed and will be in snapshots dated 20110623 and later. This diff adds support for pre-auth privsep sandboxing using the OS X sandbox_init(3) service. It's a bit disappointing that the OS X developers chose such as namespace-polluting header and function names "sandbox.h", "sandbox_init()", etc. It already forced me to

I'm attempting to build/use libvirt-sandbox on Ubuntu 12.xx. Although I'm still working through dependency issues (including the need for libvirt >= 1.0.2 which is not packaged for ubuntu 12.xx) to build the sandbox code, I have a forward looking question. It appears libvirt-bin for Ubuntu likes apparmor as does most Ubuntu based packages using a LSM impl. However, as I understand

Dear all, I have been trying to set up the set up Libvirt Sandbox without success. I want to use virt-sandbox in order to run untrusted programs in a secure environment. I am had no knowledge about virtualization until a couple of days ago, so I am probably doing something wrong. The scenario is the following: Linode instance. OS that I have tried: Ubuntu 14.04, Ubuntu 14, Fedora 21. Both

This is definitely tangential to the list: I'm on Ubuntu (22.04.2 LTS) not Debian and I'm sure this is about issues in the Ubuntu package management on my machine, R is only revealing them. The original subject line came from me wondering if my going over to the r2u repository would solve the problem.? However, as I think Dirk said, that's only really likely to be answered by trying

I am using the Paypal Library for ruby (http://dist.leetsoft.com/api/paypal/) I have been testing it in development mode and the paypal sandbox site. Now I have moved my application into production mode but the paypal url still goes to the sandbox site: https://www.sandbox.paypal.com/cgi-bin/webscr How do I change the paypal URL? -- Posted via http://www.ruby-forum.com/.

I'm trying to build hivex 1.2.7 on Ubuntu 10.04, and get the following failure: Making all in xml make[2]: Entering directory `/opt/sandbox/src/hivex/hivex-1.2.7/xml' CC hivexml-hivexml.o CCLD hivexml hivexml-hivexml.o: In function `main': /opt/sandbox/src/hivex/hivex-1.2.7/xml/hivexml.c:86: undefined reference to `rpl_getopt'

Recently I''ve found out some mentions to the "--sandbox" parameter to the "rails console" command. And I found the idea interesting, but since I''m using Sequel instead of ActiveRecord I guessed this wouldn''t work for me. But after talking about this subject in the Sequel mailing list, Jeremy Evans has brought to my attention that there are some

https://bugzilla.mindrot.org/show_bug.cgi?id=2011 Bug #: 2011 Summary: sandbox selection needs some kind of fallback mechanism Classification: Unclassified Product: Portable OpenSSH Version: 6.0p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2

I was wondering if the following attack would be feasible once I'm able to break into rlimit sandbox. Because sandboxed process that handles unauthenticated session is running as the 'sshd' user I was wondering if this could be used to jump between processes using ptrace(2). For example if I find a bug in the code executed before authentication I could use ptrace(2) to attach to

Hi, This patch (relative to -HEAD) defines an API to allow sandboxing of the pre-auth privsep child and a couple of sandbox implementations. The idea here is to heavily restrict what the network-face pre-auth process can do. This was the original intent behind dropping to a dedicated uid and chrooting to an empty directory, but even this still allows a compromised slave process to make new

Hello, I have a setup similar to Rweb ( http://www.math.montana.edu/Rweb/ ): I get R scripts from users and need to execute them in in a safe manner (they are executed automatically, without human inspection). I would like to limit the user's script to reading from STDIN and writing to STDOUT/ERR. Specifically, preventing any kind of interaction with the underlying operating system (files,

I was involved with the issues building OpenSSH 7.2p1 to use the Solaris sandbox, but I ended up dropping out of the discussion due to being on the road for most of the last couple of weeks. Anyway, the problems persist with OpenSSH 7.2p2 when building with --with-sandbox=solaris. I found that there's an error in openbsd-compat/port-solaris.h on line 30, because the type priv_set_t

Z-Man, DHH recently said: "And [_why''s] latest work on sandbox looks stellar. Making it drop-dead easy to run multiple Rails applications in the same Mongrel process without conflicts. Thumbs up to both him and Matz for getting Sandbox on track for inclusion with the next Ruby release." Does that mean what I think it means - that one or more Mongrel processes may one day be

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> diff --git a/README b/README index 21a81b2..88300df 100644 --- a/README +++ b/README @@ -51,6 +51,7 @@ provided by your OS distributor: * Development install of libaio (e.g. libaio-dev) version 0.3.107 or greater. Set CONFIG_SYSTEM_LIBAIO in .config if this is not available. * Development install of GLib

Is it possible to use virt-sandbox to confine X applications? Dave