bug-gnu-emacs

bug#45198: 28.0.50; Sandbox mode


From: Philipp Stephani
Subject: bug#45198: 28.0.50; Sandbox mode
Date: Sat, 17 Apr 2021 21:19:37 +0200

On Sat, 17 Apr 2021 at 19:48, Mattias Engdegård <mattiase@acm.org> wrote:
>
> On 17 Apr 2021 at 18:10, Philipp <p.stephani2@gmail.com> wrote:
>
> > (cl-defun start-sandbox (function &key readable-directories stdout-buffer) 
> > ...)
> > (defun wait-for-sandbox (sandbox) ...)
> >
> > where start-sandbox returns an opaque sandbox object running FUNCTION that 
> > wait-for-sandbox can wait for.  That should be generic enough that it's 
> > extensible and implementable on several platforms, and doesn't lock us into 
> > specific implementation choices.
>
> That's probably a nice interface. A slightly more low-level mechanism is what 
> I had in mind, a `make-process` variant that starts an Emacs subprocess with 
> the required arguments to set up a sandbox and leaving it to the user to 
> supply remaining arguments. But maybe we are really talking about more or 
> less the same thing.

Yes, that would essentially be how start-sandbox would get
implemented. In the Seccomp case, something like (conceptually)
(start-process "bwrap ... -- emacs --seccomp=... --quick --batch
--eval=FUNCTION")
where bwrap can set up mount namespaces to restrict the filesystem.
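
The interface and the bwrap/Seccomp launch discussed in this message, written out as an added Emacs Lisp sketch; it is not code from the thread or from Emacs. The `example-` names, the filter path (a placeholder) and the list of system directories are assumptions, and FUNCTION is assumed to be a symbol already defined in an `emacs --quick` child.

```elisp
;; Added sketch; the example- names and both defvars are assumptions.
(require 'cl-lib)

(defvar example-sandbox-seccomp-filter "/path/to/seccomp-filter.bpf"
  "Placeholder path of the compiled Seccomp filter given to --seccomp.")

(defvar example-sandbox-system-directories '("/usr" "/lib" "/lib64" "/etc")
  "Assumed directories the child Emacs needs to start (binary, libraries).")

(defun example-sandbox--bwrap-args (readable-directories)
  "Return bwrap arguments that expose only READABLE-DIRECTORIES, read-only."
  (let ((filter (expand-file-name example-sandbox-seccomp-filter)))
    (append
     ;; New namespaces (including network), private /dev, /proc and /tmp.
     (list "--unshare-all" "--die-with-parent" "--new-session"
           "--dev" "/dev" "--proc" "/proc" "--tmpfs" "/tmp"
           "--ro-bind" filter filter)
     ;; System directories may be absent on some distributions.
     (cl-loop for dir in example-sandbox-system-directories
              append (list "--ro-bind-try" dir dir))
     ;; Caller-requested directories must exist; bwrap fails otherwise.
     (cl-loop for dir in readable-directories
              for abs = (directory-file-name (expand-file-name dir))
              append (list "--ro-bind" abs abs)))))

(cl-defun example-start-sandbox (function &key readable-directories stdout-buffer)
  "Run FUNCTION, a symbol, in a sandboxed batch Emacs; return the process.
FUNCTION must be callable with no arguments in an `emacs --quick' child."
  (cl-check-type function symbol)
  (make-process
   :name "emacs-sandbox"
   :buffer stdout-buffer
   :connection-type 'pipe
   :noquery t
   ;; An argument vector, not a shell string: nothing is re-parsed.
   :command (append
             (list "bwrap")
             (example-sandbox--bwrap-args readable-directories)
             (list "--"
                   (expand-file-name invocation-name invocation-directory)
                   (concat "--seccomp="
                           (expand-file-name example-sandbox-seccomp-filter))
                   "--quick" "--batch"
                   (format "--eval=%S" (list function))))))

(defun example-wait-for-sandbox (sandbox)
  "Block until SANDBOX has exited and return its exit status."
  (while (process-live-p sandbox)
    (accept-process-output sandbox 0.1))
  (process-exit-status sandbox))
```

Nothing outside the bound directories is visible to the child, and `--unshare-all` also removes network access, so the Seccomp filter and the mount namespace restrict different things and complement each other.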




