Sandboxing a Linux Application
Offered By: NDC Conferences via YouTube
Course Description
Overview
Explore the intricacies of sandboxing Linux applications in this comprehensive conference talk from NDC Security 2022. Delve into the methods of isolating applications from the rest of the Linux system, safely evaluating downloaded code, and understanding how Docker sets up new filesystems. Learn to create your own sandbox using available Linux APIs, gaining insights into how major projects like Chromium and Docker utilize these techniques for system protection and problem-solving. Cover topics including namespaces, user and PID namespaces, file system manipulation, and Seccomp for system protection. Gain practical knowledge through an example application, exploring concepts such as running as root, creating new mount points, and implementing temporary file systems.
Syllabus
Intro
Who am I
Disclaimer
What is a Sandbox
Why use a Sandbox
Application expectations
Setting up a sandbox
Example application
namespaces
usernamespace
mappings
running as root
making a new file system
making a new mount point
making a temporary file system
proc file system
new proc namespace
pid namespace
Create new namespace
Clone newnet
Build the application
Protect the system
Seccomp
Seccomp Program
libsec comp
argument checks
compare strings
Taught by
NDC Conferences
Related Courses
Health Informatics: Data and Interoperability StandardsGeorgia Institute of Technology via edX Fractal Architecture
NDC Conferences via YouTube Strangling the Monolith - Applied Patterns & Practices from the Trenches
NDC Conferences via YouTube Refactoring Is Not Just Clickbait
NDC Conferences via YouTube Amazing Algorithms for Solving Problems in Software
NDC Conferences via YouTube