similar to: Mongrel and Sandbox

What''s a rule of thumb for guesstimating how many Mongrels to use in a cluster for an app? I have an app that gets about 5000 unique visitors per day. I figured I''d give it plenty of Mongrels -- twenty to be specific. After running out of memory and hitting the swap periodically, I scaled it back to five and it still seems to serve up visitors fine. So, is there some super-secret

This is important so please read this message very carefully. There is a DoS for Ruby''s cgi.rb that is easily exploitable. The attack involves sending a malformed multipart MIME body in an HTTP request. The full explanation of the attack as well as how to fix it RIGHT NOW is given below. Most of the work was done by Jeremy Kemper and Jamis Buck. They did all the work of building the

I played around with this some more and when I changed line 142 of /opt/local/lib/ruby/gems/1.8/gems/mongrel-0.3.13.4/bin/mongrel_rails from "exec cmd" to "system cmd" Mongrel has successfully restarted every time I''ve tried ("mongrel_rails restart"). Hell if I know why exec doesn''t work -- googling on "exec Operation not supported ruby"

A concrete example: We''re building a system to organize the information about workshops being held in various conventions. A convention has more than one workshop, and each workshop can be held in more than one convention. Also each workshop has a host, who is specific to a workshop being held in a specific convention. For example, Matz may host an "Introduction to Ruby"

Is there any documentation/tutorial that explains how to use virt-sandbox-service? After looking at some writeups about virt-sandbox-service, this looks like a good tool for something I need to do. But, following the "examples" I cannot get anything to work correctly. With a simple xfce install with httpd, lighttpd, and libvirt-sandbox installed, I tried: 1. virt-sandbox-service

I'm trying to build libvirt-sandbox under ubuntu 12.10 sudo apt-get install git build-essential lxc libvirt-bin libvirt-glib-1.0 libglib2.0-0 libglib2.0-dev gtk-doc-tools libxml2-dev libselinux-dev git clone git://libvirt.org/libvirt-sandbox.git cd libvirt-sandbox sudo ./autobuild The error I'm getting: make[2]: Entering directory `/home/user/libvirt-sandbox/build/bin' CC

I'm considering using virt-sandbox with lxc to sandbox and execute untrusted code like python scripts and compiled C code. Is it possible to limit CPU and Memory like is possible with lxc-execute and a config file? What are the defaults security settings? Is it completely isolated by default? What's the difference between lxc-execute and libvirt-sandbox? How can I use it in ubuntu?

Hi all. I have an old windows VM with an oldish cygwin that I use for the regression tests. Investigating one of the test failures, I see that it's for UsePrivilegeSeparation=sandbox, and it seems to be because setrlimit(RLIMIT_FSIZE, ...) is not supported. IMO, this isn't a big loss, since the most useful thing in the rlimit "sandbox" is the descriptor limits. Can anyone see

I am considering creating a web interface for system administration, but it would need a plug-in architecture, adding new UIs as new services are added. I''m thinking about doing this with multiple Rails applications, and I''m curious as to whether mongrel can most multiple apps in a single instance, as opposed to running one for each. Is this possible? Thanks, Mike -- Michael P.

Dear all, I have been trying to set up the set up Libvirt Sandbox without success. I want to use virt-sandbox in order to run untrusted programs in a secure environment. I am had no knowledge about virtualization until a couple of days ago, so I am probably doing something wrong. The scenario is the following: Linode instance. OS that I have tried: Ubuntu 14.04, Ubuntu 14, Fedora 21. Both

I'm attempting to build/use libvirt-sandbox on Ubuntu 12.xx. Although I'm still working through dependency issues (including the need for libvirt >= 1.0.2 which is not packaged for ubuntu 12.xx) to build the sandbox code, I have a forward looking question. It appears libvirt-bin for Ubuntu likes apparmor as does most Ubuntu based packages using a LSM impl. However, as I understand

I am using the Paypal Library for ruby (http://dist.leetsoft.com/api/paypal/) I have been testing it in development mode and the paypal sandbox site. Now I have moved my application into production mode but the paypal url still goes to the sandbox site: https://www.sandbox.paypal.com/cgi-bin/webscr How do I change the paypal URL? -- Posted via http://www.ruby-forum.com/.

Recently I''ve found out some mentions to the "--sandbox" parameter to the "rails console" command. And I found the idea interesting, but since I''m using Sequel instead of ActiveRecord I guessed this wouldn''t work for me. But after talking about this subject in the Sequel mailing list, Jeremy Evans has brought to my attention that there are some

Hi, The systrace and rlimit sandboxes have been committed and will be in snapshots dated 20110623 and later. This diff adds support for pre-auth privsep sandboxing using the OS X sandbox_init(3) service. It's a bit disappointing that the OS X developers chose such as namespace-polluting header and function names "sandbox.h", "sandbox_init()", etc. It already forced me to

Hello, I have a setup similar to Rweb ( http://www.math.montana.edu/Rweb/ ): I get R scripts from users and need to execute them in in a safe manner (they are executed automatically, without human inspection). I would like to limit the user's script to reading from STDIN and writing to STDOUT/ERR. Specifically, preventing any kind of interaction with the underlying operating system (files,

I hope this question isn't considered too off topic for this list, I am trying to reach the libvirt-sandbox developers, but I could not find a libvirt-sandbox specific mailing list, and it seemed to me that libvirt-sandbox was a part of libvirt itself. I am trying to port libvirt-sandbox to run on a CentOS 6.5 system. This wasn't too hard but, I had to do the following: I have used the

I was wondering if the following attack would be feasible once I'm able to break into rlimit sandbox. Because sandboxed process that handles unauthenticated session is running as the 'sshd' user I was wondering if this could be used to jump between processes using ptrace(2). For example if I find a bug in the code executed before authentication I could use ptrace(2) to attach to

https://bugzilla.mindrot.org/show_bug.cgi?id=2011 Bug #: 2011 Summary: sandbox selection needs some kind of fallback mechanism Classification: Unclassified Product: Portable OpenSSH Version: 6.0p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2

Is it possible to use virt-sandbox to confine X applications? Dave