I would like the user to specify a list of commands for gathering statistics about the system that he/she is interested in. I would run these under various scenarios automatically. However I'm not quite sure how to sandbox the commands safely.
One option would be to carry a whitelist of allowed commands, but it would need to be maintained. I'd like to be really flexible such as, is it possible to run an arbitrary command in Linux with read only file permissions?
What are your ideas?
Under Gentoo there is the sandbox tool that allows running programs in a sandbox with only read access to the outside. I built it successfully under Ubuntu, too. The sources can be downloaded here.
sandbox is used in Gentoo to safely run make install when building packages, so a lot of the documentation you'll find will be on that. This bugday.gentoo.org/sandbox.html seems useful. Tweaking more (e.g. adding selective r+w support devmanual.gentoo.org/function-reference/sandbox-functions/…) would require you to install additional Gentoo software from portage, e.g. ebuild.sh and deps from sources.gentoo.org/cgi-bin/viewvc.cgi/portage/main/branches/…
Commented
Jul 13, 2010 at 10:48
SELinux will allow you to do this. You can either put the executables into a restricted domain, or you can create a new role with limited permissions.
