simon-svn: umlwrap: simon
Commits to Tartarus CVS repository.
tartarus-commits at lists.tartarus.org
Sat Jun 14 17:38:03 BST 2008
SVN root: svn://svn.tartarus.org/sgt
Changes by: simon
Revision: 8070
Date: 2008-06-14 17:38:02 +0100 (Sat, 14 Jun 2008)
Log message (17 lines):
New application "umlwrap". Runs a single untrusted process in an
isolation environment based on User-Mode Linux; passes its I/O back
and forth and returning its exit code, while preventing it from
doing any network access or from writing to any parts of the
filesystem you don't specifically let it write to. As an added
bonus, if the UML kernel you're using has unionfs built in, it can
union-mount trees over the root of the interior VFS; so if you have,
say, a set of binaries which are not just untrusted but also contain
hard-coded paths which require them to be installed in /usr, you can
easily arrange for them to appear in /usr in the isolation
environment, solving both problems in one go.
UML's communication-with-the-outside-world facilities are mostly set
up for persistent virtual machines with full Linux systems inside
them rather than encapsulations of one process at a time; it's taken
a significant amount of work to turn UML into a really viable
one-process wrapper.
Modified files:
A umlwrap/
A umlwrap/Makefile
A umlwrap/fgetline.c
A umlwrap/fgetline.h
A umlwrap/init.c
A umlwrap/isdup.c
A umlwrap/isdup.h
A umlwrap/malloc.c
A umlwrap/malloc.h
A umlwrap/movefds.c
A umlwrap/movefds.h
A umlwrap/options.c
A umlwrap/options.h
A umlwrap/protocol.c
A umlwrap/protocol.h
A umlwrap/rawmode.c
A umlwrap/rawmode.h
A umlwrap/sel.c
A umlwrap/sel.h
A umlwrap/umlwrap.c
Links:
http://svn.tartarus.org/?rev=8070&view=rev
http://svn.tartarus.org/umlwrap/Makefile?rev=8070&view=markup
http://svn.tartarus.org/umlwrap/fgetline.c?rev=8070&view=markup
http://svn.tartarus.org/umlwrap/fgetline.h?rev=8070&view=markup
http://svn.tartarus.org/umlwrap/init.c?rev=8070&view=markup
http://svn.tartarus.org/umlwrap/isdup.c?rev=8070&view=markup
http://svn.tartarus.org/umlwrap/isdup.h?rev=8070&view=markup
http://svn.tartarus.org/umlwrap/malloc.c?rev=8070&view=markup
http://svn.tartarus.org/umlwrap/malloc.h?rev=8070&view=markup
http://svn.tartarus.org/umlwrap/movefds.c?rev=8070&view=markup
http://svn.tartarus.org/umlwrap/movefds.h?rev=8070&view=markup
http://svn.tartarus.org/umlwrap/options.c?rev=8070&view=markup
http://svn.tartarus.org/umlwrap/options.h?rev=8070&view=markup
http://svn.tartarus.org/umlwrap/protocol.c?rev=8070&view=markup
http://svn.tartarus.org/umlwrap/protocol.h?rev=8070&view=markup
http://svn.tartarus.org/umlwrap/rawmode.c?rev=8070&view=markup
http://svn.tartarus.org/umlwrap/rawmode.h?rev=8070&view=markup
http://svn.tartarus.org/umlwrap/sel.c?rev=8070&view=markup
http://svn.tartarus.org/umlwrap/sel.h?rev=8070&view=markup
http://svn.tartarus.org/umlwrap/umlwrap.c?rev=8070&view=markup
More information about the tartarus-commits
mailing list