Re: isolating process..

Bohdan Vlasyuk (bohdan@kivc.vstu.vinnica.ua)
Thu, 7 Jun 2001 09:57:23 +0300


On Wed, Jun 06, 2001 at 09:57:25PM +0200, Erik Mouw wrote:

>> Is it possible by any means to isolate any given process, so that
>> it'll be unable to crash system.
> You just gave a nice description what an OS kernel should do :)
* Sigh * :-)

> > Please, supply ANY suggestions.
> >
> > My ideas:
> >
> > create some user, and decrease his ulimits up to miminum of 1 process,
> > 0 core size, appropriate memory/ etc.
> That's indeed the way to do it.
Byt how should I restrict him open socket and send some data (my IP,
for example) somewhere ??

I thinks I'll end up writing kernel module which will restrict all
ioctls but few {mmap, brk, geteuid, geuid, etc..} for given UID.

thank, thought.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/