Explore the intricacies of isolating Linux applications through sandboxing in this 42-minute conference talk from NDC TechTown 2021. Delve into the methods of safely evaluating downloaded code and understand the mechanics behind Docker's filesystem setup within a running system. Gain valuable insights into the APIs used by major projects like Chromium and Docker for system protection and problem-solving. Learn how to create your own sandbox on Linux, covering topics such as namespaces (including uid, mount, and network), process management, and writing filters for argument checking.
Overview
Syllabus
Intro
What is a sandbox
namespaces
uid namespace
mount namespace
get rid of processes
Network namespace
Other namespaces
Writing filters
Checking arguments
Taught by
NDC Conferences
