Sandboxing at runtime

From: Sanjeev Gupta
Subject: Sandboxing at runtime
Date: Wed, 22 Jul 2020 12:20:44 +0800

(I am cc:ing both lists, as I think the groups overlap, and both have the same concerns)

A choice of either a dynamic library (with LD_PRELOAD) or running it under a "sandboxify" application.

If nothing else, this may simplify finding out the syscalls that are in use. If there is interest, I could iterate (e.g.) gpsmon or ntpq, to estimate the smallest number of syscalls required.

I am not sure how portable this will be, as we support multiple OS kernels.

Sanjeev Gupta
+65 98551208

