Running Untrusted Programs in a Sandbox in Linux

Isolate is the program to do it. It has quite a nice introduction on it's website but unfortunately has to be downloaded in source and compiled yourself. It can help running a media player or your browser more safely.

You can download it with subversion via:
svn checkout http://isolate.googlecode.com/svn/trunk/ isolate-read-only

You need to install at least the libelf headers to compile it, e.g. sudo aptitude install libelf-dev in Debian based systems like Ubuntu. There is absolutely no documentation inside the tree except a GPL 2.0 license.

Thanks to LWN. See the comments there for more suggestions about isolation technologies like Rainbow.

2 comments:

  1. I seems the link is broken. http://code.google.com/p/isolate/ is throwing 403 for me.

    ReplyDelete
  2. Yes, I think Google code is going down, unfortunately. Of course this may have other reasons.

    ReplyDelete

I appreciate comments. And I do read them.