Highest Voted 'sandbox' Questions - Unix and Linux Stack Exchange

95

votes

2 answers

What does the Chromium option `--no-sandbox` mean?

I'm running Chromium like so : chromium --no-sandbox I'm doing this because I'm running Debian Squeeze on an OpenVZ VM Container and it's the only way I can get it to work. Though I keep reading this is terrible. But I want to know why exactly. Can…

asked Mar 22 '13 at 19:22

capdragon

1,157
1
9
12

24

votes

2 answers

How to create a snapshot in btrfs, and then rollback to it after some work?

What are the commands to use in btrfs in case I want to: create a (read-only) snapshot of a volume; (do some experiments in the volume); and then rollback the volume to the snapshot?

restore btrfs backup sandbox

asked Aug 22 '11 at 23:53

imz -- Ivan Zakharyaschev

15,113
15
61
123

19

votes

4 answers

Merge changes to upper filesystem to lower filesystem in Linux Overlay (OverlayFS) mount

I would like to be able to merge changes from the upper filesystem of an overlay mount to a lower filesystem. I am interested both online (i.e. merge while the overlay is mounted) and offline (unmount the overlay and then merge) solutions. I have…

linux snapshot sandbox overlayfs union-mount

asked Sep 23 '17 at 02:45

ejm

521
1
4
6

18

votes

4 answers

Simplest possible secure sandboxing (limited resources needed)

I'm working on a project that implements distributed simulations: arbitrary code is executed on multiple nodes and the results are later collected and aggregated. Each node is an instance of an Ubuntu Linux virtual machine and runs a master process…

cgroups sandbox apparmor

asked Dec 21 '14 at 17:58

StephQ

281
2
3

14

votes

1 answer

How to create a read-only snapshot in LVM, and then rollback to it after some work?

What are the commands to use in LVM in case I want to: create a read-only snapshot of a volume; (do some experiments in the volume); and then rollback the volume to the snapshot?

lvm restore backup sandbox

asked Aug 17 '11 at 15:21

imz -- Ivan Zakharyaschev

15,113
15
61
123

10

votes

2 answers

LXC containers as a sandbox environment

I am currently starting a project evaluating untrusted programs (student assignments) in a secure sandbox environment. Main idea is to create a web app for GlassFish and Java wrapper around lxc-utils to manage LXC containers. It'll have a queue of…

security selinux lxc sandbox container

asked Oct 02 '13 at 18:08

eXPi

103
1
5

8

votes

1 answer

Firefox spamming SECCOMP events to journal/syslog - how to fix?

Since I updated to the snap-based Firefox on Ubuntu recently, I see it reporting SECCOMP_RET_TRAP messages to the journal whenever some application is drawing a canvas. And since applications drawing canvasses usually do that with 30 frames per…

firefox selinux systemd-journald sandbox

asked Sep 13 '22 at 14:04

foo

134
8

8

votes

3 answers

How to run programs in a Sandbox?

I have been using PlayOnLinux to run windows programs on Linux. PlayOnLinux creates a virtual drive for each program installed and every VD represents a different Windows XP computer. Any changes made by the program stay within its own VD only. So…

wine sandbox emulation

asked Jan 10 '13 at 07:01

Kshitiz Sharma

8,585
21
59
75

8

votes

1 answer

How do I set up the SELinux sandbox in Debian?

I've installed SELinux in Debian sid in order to use the sandbox that locks down apps to a restricted environment, but I can't get it to work. If I try to use the sandbox command in permissive mode without any options, like sandbox nano, I get the…

debian selinux sandbox

asked Apr 15 '12 at 00:08

Magnus

361
1
9

8

votes

2 answers

why php can not see /tmp files

i have simple test.php page:

which always shows just: . and .. folders and nothing else in browser. in the command line: 1) ls -la /tmp 2) sudo -u http ls -la /tmp 3) php test.php 4) sudo -u http php…

files systemd php tmp sandbox

asked Feb 15 '17 at 06:32

Asain Kujovic

1,681
15
18

8

votes

1 answer

Can LVM snapshots be writable? (and used for temporary experiments)

It seems that usually it is talked about snapshots as read-only. (In a scenario where one creates a snapshot, then does some experiments with the main volume, and then restores the old state by "merging" the snapshot into the main volume.) Is an…

lvm restore tmp sandbox

asked Aug 22 '11 at 23:27

imz -- Ivan Zakharyaschev

15,113
15
61
123

7

votes

2 answers

RLIMIT_NPROC suddenly overwhelmed

In a small script I have, I'm starting a shell and then setting RLIMIT_NPROC on it to some small number, like 5, using prlimit Then, I try to execute a shell script that only contains: #!/bin/bash echo hi sleep 3 by sending "./test.sh\n" through…

linux sandbox

asked Dec 26 '12 at 22:02

Jonathan Chan

181
1
3

6

votes

1 answer

Is sandbox-simplify command removed from OS X sierra?

Looks like the sandbox-simplify command is removed in OS X sierra, I can't find it in system path, only sandbox-exec command is available now. So, is there any replacements?

macintosh sandbox

asked Oct 24 '16 at 05:59

daisy

53,527
78
236
383

6

votes

1 answer

Sandboxing a binary on linux

I am trying to understand various options I have to restrict/sandbox a binary in Linux. I see that I can use namespaces and cgroups like docker does. I could use SELinux like this link suggests. Which one do I use? Are namespaces and cgroups…

selinux cgroups namespace capabilities sandbox

asked Aug 07 '15 at 06:54

user220201

161
1

5

votes

1 answer

Is strace a suitable tool for finding out where a program wrote to the filesystem?

I'd like to determine where a certain app (as an example, surf) writes to the filesystem in order to make sure it leaves no traces. Without a dedicated sandboxing system this probably isn't easy, but I'm wondering if there is a better way than…

sed filesystems security strace sandbox

asked Oct 30 '13 at 21:33

Michael A

1,501
5
19
33

Questions tagged [sandbox]