Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

NDC Conferences

Sandboxing a Linux Application

NDC Conferences via YouTube

Overview

Explore the intricacies of sandboxing Linux applications in this comprehensive conference talk from NDC Security 2022. Delve into the methods of isolating applications from the rest of the Linux system, safely evaluating downloaded code, and understanding how Docker sets up new filesystems. Learn to create your own sandbox using available Linux APIs, gaining insights into how major projects like Chromium and Docker utilize these techniques for system protection and problem-solving. Cover topics including namespaces, user and PID namespaces, file system manipulation, and Seccomp for system protection. Gain practical knowledge through an example application, exploring concepts such as running as root, creating new mount points, and implementing temporary file systems.

Syllabus

Intro
Who am I
Disclaimer
What is a Sandbox
Why use a Sandbox
Application expectations
Setting up a sandbox
Example application
namespaces
usernamespace
mappings
running as root
making a new file system
making a new mount point
making a temporary file system
proc file system
new proc namespace
pid namespace
Create new namespace
Clone newnet
Build the application
Protect the system
Seccomp
Seccomp Program
libsec comp
argument checks
compare strings

Taught by

NDC Conferences

Reviews

Start your review of Sandboxing a Linux Application

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.