I would like the user to specify a list of commands for gathering statistics about the system that he/she is interested in. I would run these under various scenarios automatically. However I'm not quite sure how to sandbox the commands safely.

One option would be to carry a whitelist of allowed command, but it would need to be maintained. I'd like to be really flexible such as, is it possible to run a command in Linux with read only file permissions?

What are your ideas?

I would like the user to specify a list of commands for gathering statistics about the system that he/she is interested in. I would run these under various scenarios automatically. However I'm not quite sure how to sandbox the commands safely.

One option would be to carry a whitelist of allowed commands, but it would need to be maintained. I'd like to be really flexible such as, is it possible to run an arbitrary command in Linux with read only file permissions?

What are your ideas?