| 1 |
Hey folks, |
| 2 |
|
| 3 |
Late night clicking-while-drooling, I came across something a few |
| 4 |
minutes ago that mildly piqued my interest -- mbox |
| 5 |
<http://pdos.csail.mit.edu/mbox/>. It's a sandbox that uses a |
| 6 |
combination of ptrace and seccomp bpf; neither ours nor exherbo's uses |
| 7 |
both of these together. The killer feature, for us, that's motivating |
| 8 |
me to write to this list, is that it creates a "shadow file system", |
| 9 |
and then has the option to commit the changes of that file system to |
| 10 |
the real file system, piece by piece, when the process is done. It |
| 11 |
made me think of some discussions we had at FOSDEM about Portage |
| 12 |
evolution and whatnot. I haven't looked at this tool past an initial |
| 13 |
glance, but it does look like interesting food for thought. |
| 14 |
|
| 15 |
Jason |
| 16 |
|
| 17 |
-- |
| 18 |
Jason A. Donenfeld |
| 19 |
Gentoo Linux Security & Infrastructure |
| 20 |
zx2c4@g.o |
| 21 |
www.zx2c4.com |
Archives