1 |
Hey folks, |
2 |
|
3 |
Late night clicking-while-drooling, I came across something a few |
4 |
minutes ago that mildly piqued my interest -- mbox |
5 |
<http://pdos.csail.mit.edu/mbox/>. It's a sandbox that uses a |
6 |
combination of ptrace and seccomp bpf; neither ours nor exherbo's uses |
7 |
both of these together. The killer feature, for us, that's motivating |
8 |
me to write to this list, is that it creates a "shadow file system", |
9 |
and then has the option to commit the changes of that file system to |
10 |
the real file system, piece by piece, when the process is done. It |
11 |
made me think of some discussions we had at FOSDEM about Portage |
12 |
evolution and whatnot. I haven't looked at this tool past an initial |
13 |
glance, but it does look like interesting food for thought. |
14 |
|
15 |
Jason |
16 |
|
17 |
-- |
18 |
Jason A. Donenfeld |
19 |
Gentoo Linux Security & Infrastructure |
20 |
zx2c4@g.o |
21 |
www.zx2c4.com |