Greetings, I'm running Debian Squeeze and want to run an application (SPSS for Linux) by normal (unprivelaged) users. This application requires that be installed as root. However, when installing and running the application I want to prevent it from making any changes to my system. I assume the best (only?) way to do this is to run a chroot envionrment. This would be what is known as "jailing" the application I presume? I also read that Debian has a package called makejail to make the whole process easier/simpler.
My question is I'm looking for some advice on how to go about this, good reading materials, perhaps an example or two of other people running other applications. If chroot is the way to go, what drawbacks are there. If not, what other methods might I use to "sandbox" the application.
Many thanks in advance,
Arthur
Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230
[SOLVED] How do I "sandbox" an application
-
oOarthurOo
- Posts: 544
- Joined: 2008-10-25 12:00
- Location: Canada
[SOLVED] How do I "sandbox" an application
Last edited by oOarthurOo on 2010-01-25 20:17, edited 1 time in total.
Re: How do I "sandbox" an application
For reading/reference I suggest you install debian-reference which will give you offline access to Debian Reference
Section 9.8.4. deals with chroot.
You can also read the documentation for makejail at http://www.floc.net/makejail/current/doc/
You might also consider using virtualisation such as qemu or virtualbox to separate the application from the installed OS.
You can of course browse it online as well http://www.debian.org/doc/manuals/reference/intended to provide a broad overview of the Debian
system as a post-installation user's guide. It covers many aspects of system
administration through shell-command examples for non-developers.
Section 9.8.4. deals with chroot.
You can also read the documentation for makejail at http://www.floc.net/makejail/current/doc/
You might also consider using virtualisation such as qemu or virtualbox to separate the application from the installed OS.
Wisdom from my inbox: "do not mock at your pottenocy"
-
oOarthurOo
- Posts: 544
- Joined: 2008-10-25 12:00
- Location: Canada
Re: How do I "sandbox" an application
Thanks. After looking into it further I realized that what I want to do isn't really feasible. It's possible to use SE Linux to approximate what I want to do, but as I've not got that installed and have disabled it in my custom kernel, that's not an option for me. As for chroot if I am going to run it in a virtualized system I may as well just run xp in vbox and use the windows version.
I'll mark as solved though, since that sounds better than 'given up'.
I'll mark as solved though, since that sounds better than 'given up'.
Re: [SOLVED] How do I "sandbox" an application
This might do what you need: http://www.freedesktop.org/wiki/Software/PolicyKit (but I don't know, haven't actively used PolicyKit)
Ubuntu hate is a mental derangement.