Running Untrusted Programs in a Sandbox in Linux

Isolate is the program to do it. It has quite a nice introduction on it's website but unfortunately has to be downloaded in source and compiled yourself. It can help running a media player or your browser more safely.

You can download it with subversion via:
svn checkout isolate-read-only

You need to install at least the libelf headers to compile it, e.g. sudo aptitude install libelf-dev in Debian based systems like Ubuntu. There is absolutely no documentation inside the tree except a GPL 2.0 license.

Thanks to LWN. See the comments there for more suggestions about isolation technologies like Rainbow.


  1. I seems the link is broken. is throwing 403 for me.

  2. Yes, I think Google code is going down, unfortunately. Of course this may have other reasons.


I appreciate comments. And I do read them.