carlgleisner
FreeBSD Capsicum for sandboxing ports
Hi all,
I came across this lovely lightning talk about sandboxing using, among other things, Capsicum on FreeBSD:
It was posted on the Erlang forums as well:
In the lightning talk, Krasen talks about NIF:s and C nodes for interoperability and combining that with sandboxing techniques. I’m using ports for processing Word documents – i.e. unzipping and XML parsing – and figure that should be possible to sandbox in a similar manner.
If anyone would be interested in sharing any experience or resources doing this I would be most grateful ![]()
Most Liked
krasenyp
I don’t know why I’m seeing this now. I’ll make sure to develop an example project for the approach I present in the video.
drobban
I have done something similar in Freebsd with Jails.
Where I wanted an environment completely locked down for evaluating code from “external” sources. Im using ports and the only data allowed to flow back and forth is a stream of text.
The environment running the code is completely locked down, minimal user privileges in a readonly setup.
Heard of capsicum previously, but never explored it. So I will definitely have a look at it =) so thank you for the link
Popular in Questions
Other popular topics
Categories:
Sub Categories:
Forums
Popular Tags
- #ecto
- #liveview
- #troubleshooting
- #learning-elixir
- #deployment
- #library
- #erlang
- #testing
- #genserver
- #mix
- #absinthe
- #remote-other
- #otp
- #plug
- #how-to-question
- #macros
- #postgres
- #channels
- #elixirconf
- #exunit
- #discussion
- #code-sync
- #javascript
- #podcasts
- #onsite
- #dialyzer
- #docker
- #authentication
- #umbrella
- #full-time-contract
- #podcasts-by-brainlid
- #ecto-query
- #elixir-ls
- #phoenix_html
- #iex
- #blog-post
- #graphql
- #genstage
- #ai
- #websockets
- #supervisor
- #advent-of-code
- #elixirconf-us
- #distillery
- #processes
- #forms
- #api
- #metaprogramming
- #security
- #performance









