You are not logged in.
- Topics: Active | Unanswered
#1 2016-04-15 20:32:31
- mabra
- Member
- Registered: 2015-09-05
- Posts: 57
Security, workspaces and isolated/restriczed processes
Hi All !
I just try to find a way, where I can run a webbrowser in a more isolated environment.
This ends most of the time in running it inside a LXC container or such.
Also this is really a bit complex, there is probably a easier way using 'cgroups'
which is about limiting resources, like networks/filesystems etc. pp. Example:
Per process routing take 2: using cgroups, iptables and policy routing and here
Using Linux Network Namespaces for per processes routing
If one can put processes into a cgroup, one can give them a custom routing oder even ip-address,
which is much easier to filter, ether locally (with iptables) or at the firewall.
So a very wonderful hit could be, to start all processes inside a given XFCE workspace inside
a separate cgroup. For this case, a colored border of such a workspace could give a good
extra hint to remember.
I am, sorry, not that type of linux insider, that I [currently ;-) ] could do this by myself.
Just a thinking about the future of XFCE ... ;-)
Comments are welcome too!
Best regards,
Manfred
Offline
- Registered users online in this topic: 0, guests: 1
- [Bot] ClaudeBot
[ Generated in 0.007 seconds, 7 queries executed - Memory usage: 523.95 KiB (Peak: 544.54 KiB) ]