Running an untrusted Linux application in a sandbox

We have a device running Linux on which we need to run untrusted applications. We are trying to mitigate the following security issues:

  • A faulty application should not adversely affect the data and binaries of the main OS.
  • A faulty application should not adversely affect the data and binaries of other applications.
  • A faulty application should not consume excessive processor time, memory or disk and cause DoS / resource starvation for the main OS or other applications.

An untrusted application should only be able to read and write its own directory and, possibly, a mounted USB drive.

We are thinking of using one of the following approaches:

Approach 1 - Use SELinux as a sandbox

  • Is this possible? I have read a little about SELinux and it looks somewhat complicated in terms of setting up a policy file and providing it at runtime, etc. Can SELinux do this, i.e. limit an untrusted application to reading / writing only its own directory, and can it also set quota limits?

Approach 2 - Create a new sandbox

  • During installation:

    • Create a new application user for each untrusted application.
    • Set ownership and permissions on the entire application directory so that only the application's user can read and write it.
    • Set quotas for the application user using ulimit / quota.
  • During startup, launch the untrusted application as follows:

    • Close all open file descriptors.
    • chroot into the application directory.
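The startup sequence of approach 2 (cap resources, chroot into the application directory, drop to the per-application user, with inherited descriptors closed) as an added Python launcher; this is example code written for this page, not code from the question or from any answer. The limit values are assumptions, `chroot()` and `setuid()` need root, so the self-check at the end runs with the caps only and shows a memory cap being enforced.

```python
import os
import pwd
import resource
import subprocess
import sys

def build_rlimits(cpu_seconds, mem_bytes, fsize_bytes, nproc, nofile):
    """Caps for one untrusted app; soft == hard so the app cannot raise them again."""
    return {
        resource.RLIMIT_CPU: (cpu_seconds, cpu_seconds),    # CPU seconds, not wall-clock
        resource.RLIMIT_AS: (mem_bytes, mem_bytes),         # virtual address space
        resource.RLIMIT_FSIZE: (fsize_bytes, fsize_bytes),  # largest file it may write
        resource.RLIMIT_NPROC: (nproc, nproc),              # stops fork bombs
        resource.RLIMIT_NOFILE: (nofile, nofile),           # descriptor exhaustion
    }

def make_preexec(limits, app_dir=None, user=None):
    """Build the function that runs in the child between fork() and exec()."""
    ids = None
    if user is not None:                      # resolve the per-app user in the parent
        pw = pwd.getpwnam(user)
        ids = (pw.pw_uid, pw.pw_gid)

    def preexec():
        for res, (soft, hard) in limits.items():
            resource.setrlimit(res, (soft, hard))
        if app_dir is not None:               # chroot() needs root (CAP_SYS_CHROOT)
            os.chroot(app_dir)
            os.chdir("/")                     # cwd must not stay outside the new root
        if ids is not None:                   # drop root last, after chroot()
            os.setgroups([])
            os.setgid(ids[1])
            os.setuid(ids[0])
    return preexec

def run_untrusted(argv, limits, app_dir=None, user=None):
    """Launch argv under the caps; close_fds=True closes every inherited descriptor except 0-2."""
    return subprocess.run(argv, preexec_fn=make_preexec(limits, app_dir, user),
                          close_fds=True).returncode

def demo_memory_limit():
    """Constructed check, no root needed: a 4 GiB allocation under a 512 MiB cap must fail."""
    limits = build_rlimits(cpu_seconds=10, mem_bytes=512 * 1024 * 1024,
                           fsize_bytes=1 << 20, nproc=32, nofile=64)
    ok = run_untrusted([sys.executable, "-c", "pass"], limits)
    capped = run_untrusted([sys.executable, "-c", "bytearray(1 << 32)"], limits)
    return ok, capped        # (0, nonzero): the capped child dies with MemoryError

if __name__ == "__main__":
    print(demo_memory_limit())
```

A real deployment passes `app_dir` and `user` so the child is confined to its own directory and loses root before `exec()`; the quota step of the installation phase is filesystem-level and is not repeated here.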
