How to sandbox applications?












64















I want to run small untrusted programs, but restrict them from accessing any files outside of their folder, network access, and everything else that they don't really need. What is the simplest way to achieve this?










share|improve this question

























  • I have never used it, so I can't make a complete answer, but AFAIK, AppArmor (wiki.ubuntu.com/AppArmor) should be able to do this.

    – Javier Rivera
    May 9 '13 at 8:51











  • Check out Vagrant, a wrapper for VirtualBox. vagrantup.com and [on Wikipedia](en.wikipedia.org/wiki/Vagrant_(software%29) and on github

    – Janus Troelsen
    May 9 '13 at 11:41













  • @JavierRivera FWIW, SELinux as well. No idea how easy it'd be to get running on Ubuntu though.

    – TC1
    May 9 '13 at 13:07











  • Apparmor is already installed by default in Ubuntu, so it should be easier.

    – Javier Rivera
    May 9 '13 at 15:09






  • 1





    It seems like they're are multiple possibilities: virtualisation using something like Virtualbox (like Vagrant), chroot, LXC, App Armor and SE Linux.

    – Flimm
    May 15 '13 at 13:21
















64















I want to run small untrusted programs, but restrict them from accessing any files outside of their folder, network access, and everything else that they don't really need. What is the simplest way to achieve this?










share|improve this question

























  • I have never used it, so I can't make a complete answer, but AFAIK, AppArmor (wiki.ubuntu.com/AppArmor) should be able to do this.

    – Javier Rivera
    May 9 '13 at 8:51











  • Check out Vagrant, a wrapper for VirtualBox. vagrantup.com and [on Wikipedia](en.wikipedia.org/wiki/Vagrant_(software%29) and on github

    – Janus Troelsen
    May 9 '13 at 11:41













  • @JavierRivera FWIW, SELinux as well. No idea how easy it'd be to get running on Ubuntu though.

    – TC1
    May 9 '13 at 13:07











  • Apparmor is already installed by default in Ubuntu, so it should be easier.

    – Javier Rivera
    May 9 '13 at 15:09






  • 1





    It seems like they're are multiple possibilities: virtualisation using something like Virtualbox (like Vagrant), chroot, LXC, App Armor and SE Linux.

    – Flimm
    May 15 '13 at 13:21














64












64








64


15






I want to run small untrusted programs, but restrict them from accessing any files outside of their folder, network access, and everything else that they don't really need. What is the simplest way to achieve this?










share|improve this question
















I want to run small untrusted programs, but restrict them from accessing any files outside of their folder, network access, and everything else that they don't really need. What is the simplest way to achieve this?







security






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Jan 27 '14 at 14:25









Braiam

51.8k20136221




51.8k20136221










asked May 9 '13 at 8:02









michelmichel

4561510




4561510













  • I have never used it, so I can't make a complete answer, but AFAIK, AppArmor (wiki.ubuntu.com/AppArmor) should be able to do this.

    – Javier Rivera
    May 9 '13 at 8:51











  • Check out Vagrant, a wrapper for VirtualBox. vagrantup.com and [on Wikipedia](en.wikipedia.org/wiki/Vagrant_(software%29) and on github

    – Janus Troelsen
    May 9 '13 at 11:41













  • @JavierRivera FWIW, SELinux as well. No idea how easy it'd be to get running on Ubuntu though.

    – TC1
    May 9 '13 at 13:07











  • Apparmor is already installed by default in Ubuntu, so it should be easier.

    – Javier Rivera
    May 9 '13 at 15:09






  • 1





    It seems like they're are multiple possibilities: virtualisation using something like Virtualbox (like Vagrant), chroot, LXC, App Armor and SE Linux.

    – Flimm
    May 15 '13 at 13:21



















  • I have never used it, so I can't make a complete answer, but AFAIK, AppArmor (wiki.ubuntu.com/AppArmor) should be able to do this.

    – Javier Rivera
    May 9 '13 at 8:51











  • Check out Vagrant, a wrapper for VirtualBox. vagrantup.com and [on Wikipedia](en.wikipedia.org/wiki/Vagrant_(software%29) and on github

    – Janus Troelsen
    May 9 '13 at 11:41













  • @JavierRivera FWIW, SELinux as well. No idea how easy it'd be to get running on Ubuntu though.

    – TC1
    May 9 '13 at 13:07











  • Apparmor is already installed by default in Ubuntu, so it should be easier.

    – Javier Rivera
    May 9 '13 at 15:09






  • 1





    It seems like they're are multiple possibilities: virtualisation using something like Virtualbox (like Vagrant), chroot, LXC, App Armor and SE Linux.

    – Flimm
    May 15 '13 at 13:21

















I have never used it, so I can't make a complete answer, but AFAIK, AppArmor (wiki.ubuntu.com/AppArmor) should be able to do this.

– Javier Rivera
May 9 '13 at 8:51





I have never used it, so I can't make a complete answer, but AFAIK, AppArmor (wiki.ubuntu.com/AppArmor) should be able to do this.

– Javier Rivera
May 9 '13 at 8:51













Check out Vagrant, a wrapper for VirtualBox. vagrantup.com and [on Wikipedia](en.wikipedia.org/wiki/Vagrant_(software%29) and on github

– Janus Troelsen
May 9 '13 at 11:41







Check out Vagrant, a wrapper for VirtualBox. vagrantup.com and [on Wikipedia](en.wikipedia.org/wiki/Vagrant_(software%29) and on github

– Janus Troelsen
May 9 '13 at 11:41















@JavierRivera FWIW, SELinux as well. No idea how easy it'd be to get running on Ubuntu though.

– TC1
May 9 '13 at 13:07





@JavierRivera FWIW, SELinux as well. No idea how easy it'd be to get running on Ubuntu though.

– TC1
May 9 '13 at 13:07













Apparmor is already installed by default in Ubuntu, so it should be easier.

– Javier Rivera
May 9 '13 at 15:09





Apparmor is already installed by default in Ubuntu, so it should be easier.

– Javier Rivera
May 9 '13 at 15:09




1




1





It seems like they're are multiple possibilities: virtualisation using something like Virtualbox (like Vagrant), chroot, LXC, App Armor and SE Linux.

– Flimm
May 15 '13 at 13:21





It seems like they're are multiple possibilities: virtualisation using something like Virtualbox (like Vagrant), chroot, LXC, App Armor and SE Linux.

– Flimm
May 15 '13 at 13:21










8 Answers
8






active

oldest

votes


















25














If they are really untrusted, and you want to be sure, you'd set up a separate box. Either really, or virtually.



Further, you don't want that box to be in the same network as your important stuff, if you are paranoid enough. In all solutions you'd set up a separate user with no rights, so not to open too much tools to the would-be compromiser.




  • So the safest option would be a separate box removed physically from your network.

  • You could give in a bit by adding it to the physical network, but on a different subnet: no 'real' connection inside

  • A virtual machine would be an option, but might have to give up some performance


If you are bound on running it on the same box, you have for instance, this option





  • chroot. This is a default option for doing this for lots of people, and for non-specific threats it might even work. But it is NOT a security option, and can be broken out of rather easily. I'd suggest to use this as intended, i.e. not for security.


In the end you might need to set up a specific sandboxing model without the hassle of virtualization or separate boxes, or the still-at-risk situation of chroot. I doubt this is what you meant, but look at this link for some more in-depth information.






share|improve this answer


























  • How safe would it be security wise to run an untrusted application on a virtual machine? I've heard of theoretical exploits which can access the host operating system through the hypervisor and infect it.

    – zuallauz
    May 10 '13 at 0:01













  • It could be, although I'm currently not aware of real threats like that, certainly not non-targeted ones. You should consider the attacker writing malware in a game would not go to those lengths. Now a spear-attack on you alone might ofcourse, if they know your layout, but still I don't think that's your first concern. If you are that certain they are mallicious you should really set up an isolated box anyway, network wise.

    – Nanne
    May 10 '13 at 7:06



















12














Firejail is fairly new and in constant development. Easy to use.



You can simply:



sudo apt-get install firejail
firejail app





share|improve this answer


























  • Welcome to Ask Ubuntu! Whilst this may theoretically answer the question, it would be preferable to include the essential parts of the answer here, and provide the link for reference.

    – Mark Kirby
    Dec 11 '15 at 9:43



















12














Docker will help you to set up containers that you can run off of your current kernel, yet keep contained away from the rest of your system. It seems pretty cutting edge but there's an Ubuntu focus an good documentation.






share|improve this answer





















  • 4





    I think this is a good option for most cases. However, the "untrusted" part of the original question, would concern me a bit. There are demonstrated hacks available that can allow an application to "break" out of it's container. And given that docker containers run at root access, this could be dangerous, if your goal was to sandbox the applications from each other.

    – Cris Holdorph
    Aug 22 '14 at 22:37











  • @CrisHoldorph correct although Docker is getting better and I even think it is nowadays possible to run a docker unprivileged (not as root). This is certainly true now for LXC and LXD (the sometimes so called LXC daemon) can simplify greatly the creation of such containers. So modern unprivileged containers can be considered as an improvement in terms of security over chroot. But they are not an impenetrable barrier!

    – Huygens
    Oct 4 '15 at 12:21











  • Docker is not a security tool!

    – Federico
    Apr 6 '18 at 14:44



















10














Full virtualization/emulation (VirtualBox)



One possible solution is virtualization software such as VirtualBox which you can find in the software centre.




  • Install Virtual box

  • Create a virtual machine with networking enabled

  • Install Ubuntu or perhaps a lighter desktop such as Lubuntu

  • Fully update the installed OS (inside Virtual box)

  • Disable Networking on the virtual machine

  • Take a snapshot


You can now install the software you don't trust to see what it does. It can't upset the outside world or you host OS as it does not have access.



It may trash your virtual machine however but if it does you can just restore from your snapshot.



There may be other methods to limit the destructive power of untrusted software but this is the most robust method I can think of.



Container-based virtualization (Docker/LXC)



Another option may be LXC more information here



LXC is the userspace control package for Linux Containers, a lightweight virtual system mechanism sometimes described as “chroot on steroids”.



LXC builds up from chroot to implement complete virtual systems, adding resource management and isolation mechanisms to Linux’s existing process management infrastructure.



It's available in the software centre. I have no experience with however.






share|improve this answer





















  • 1





    That's just inconvenient. Create an entire virtual machine just to run games!!? that's not a very good solution. Don't you think setting the process's GID and UID would be WAY easier than this?

    – Jack Mayerz
    May 9 '13 at 8:58











  • Actually I think setting up a virtual box is sufficiently easy that I probably would not bother with taking a snapshot. If it trashes my virtual machine, I can discard it.

    – emory
    May 9 '13 at 14:18











  • Downvote: Factual incorrect reasoning even if the solution is rigth. Programs don't need to have the same privileges as the user running them. Linux and Ubuntu has supported MAC since years. Ubuntu uses AppArmos for this, and you can contain a program to a directory easily.

    – Javier Rivera
    May 9 '13 at 15:11











  • @JavierRivera "easily" is not the correct word, or a AppArmor profile and a SELinux policy for Firefox would be shipped by default with every distro and that is not the case. Ubuntu ships such profile but it is not active by default as it breaks a few "popular" Firefox features. There aren't much SELinux policies either for most GUI apps, such apps require too many permissions to be still called sandboxed. If you disagree, please post here links to sandbox Firefox safely using either AppArmor or SELinux! If you can I would be really happy :-)

    – Huygens
    Oct 4 '15 at 12:27











  • You should probably define "safe" for a meaningful answer but the default Firefox policy in Ubuntu is quite reasonable to me. Of course it breaks thing as is not as user-friendly as using nothing, but it's still much more user-friendly than a full virtual machine to me (that also breaks popular firefox features).

    – Javier Rivera
    Oct 6 '15 at 6:52



















9














mbox




Mbox is a lightweight sandboxing mechanism that any user can use without special privileges in commodity operating systems.





  • Source repo


I've used it for a couple of things reliably.






share|improve this answer

































    4














    subuser



    You can use subuser to sandbox your applications with Docker. This allows you do things like sandbox GUI apps, which isn't easy to do with Docker directly.



    sudo apt install subuser



    • Using subuser - a quick tutorial






    share|improve this answer

































      1














      I think, a possible solution is to create a separate user for testing purposes, and limit his privileges. This way you won't lose in performance, what would definitely happen in virtual machine, but I think this is less safe, if not set up very properly, which I can't advice on how to do.






      share|improve this answer



















      • 2





        This doesn't protect the system from malicious software that may still get installed or run - it also is not sandboxing in the manner that this question means

        – Thomas Ward
        Dec 10 '15 at 17:13



















      1














      DoSH - Docker SHell



      In case that you simply want to sandbox the activity of the users, you can use "DoSH"




      DoSH (which stands for Docker SHell) is a development to create Docker containers when users log in the Linux system and run a shell into them, instead of symply creating the shell.







      share|improve this answer
























        protected by Sergiy Kolodyazhnyy Jan 13 at 5:18



        Thank you for your interest in this question.
        Because it has attracted low-quality or spam answers that had to be removed, posting an answer now requires 10 reputation on this site (the association bonus does not count).



        Would you like to answer one of these unanswered questions instead?














        8 Answers
        8






        active

        oldest

        votes








        8 Answers
        8






        active

        oldest

        votes









        active

        oldest

        votes






        active

        oldest

        votes









        25














        If they are really untrusted, and you want to be sure, you'd set up a separate box. Either really, or virtually.



        Further, you don't want that box to be in the same network as your important stuff, if you are paranoid enough. In all solutions you'd set up a separate user with no rights, so not to open too much tools to the would-be compromiser.




        • So the safest option would be a separate box removed physically from your network.

        • You could give in a bit by adding it to the physical network, but on a different subnet: no 'real' connection inside

        • A virtual machine would be an option, but might have to give up some performance


        If you are bound on running it on the same box, you have for instance, this option





        • chroot. This is a default option for doing this for lots of people, and for non-specific threats it might even work. But it is NOT a security option, and can be broken out of rather easily. I'd suggest to use this as intended, i.e. not for security.


        In the end you might need to set up a specific sandboxing model without the hassle of virtualization or separate boxes, or the still-at-risk situation of chroot. I doubt this is what you meant, but look at this link for some more in-depth information.






        share|improve this answer


























        • How safe would it be security wise to run an untrusted application on a virtual machine? I've heard of theoretical exploits which can access the host operating system through the hypervisor and infect it.

          – zuallauz
          May 10 '13 at 0:01













        • It could be, although I'm currently not aware of real threats like that, certainly not non-targeted ones. You should consider the attacker writing malware in a game would not go to those lengths. Now a spear-attack on you alone might ofcourse, if they know your layout, but still I don't think that's your first concern. If you are that certain they are mallicious you should really set up an isolated box anyway, network wise.

          – Nanne
          May 10 '13 at 7:06
















        25














        If they are really untrusted, and you want to be sure, you'd set up a separate box. Either really, or virtually.



        Further, you don't want that box to be in the same network as your important stuff, if you are paranoid enough. In all solutions you'd set up a separate user with no rights, so not to open too much tools to the would-be compromiser.




        • So the safest option would be a separate box removed physically from your network.

        • You could give in a bit by adding it to the physical network, but on a different subnet: no 'real' connection inside

        • A virtual machine would be an option, but might have to give up some performance


        If you are bound on running it on the same box, you have for instance, this option





        • chroot. This is a default option for doing this for lots of people, and for non-specific threats it might even work. But it is NOT a security option, and can be broken out of rather easily. I'd suggest to use this as intended, i.e. not for security.


        In the end you might need to set up a specific sandboxing model without the hassle of virtualization or separate boxes, or the still-at-risk situation of chroot. I doubt this is what you meant, but look at this link for some more in-depth information.






        share|improve this answer


























        • How safe would it be security wise to run an untrusted application on a virtual machine? I've heard of theoretical exploits which can access the host operating system through the hypervisor and infect it.

          – zuallauz
          May 10 '13 at 0:01













        • It could be, although I'm currently not aware of real threats like that, certainly not non-targeted ones. You should consider the attacker writing malware in a game would not go to those lengths. Now a spear-attack on you alone might ofcourse, if they know your layout, but still I don't think that's your first concern. If you are that certain they are mallicious you should really set up an isolated box anyway, network wise.

          – Nanne
          May 10 '13 at 7:06














        25












        25








        25







        If they are really untrusted, and you want to be sure, you'd set up a separate box. Either really, or virtually.



        Further, you don't want that box to be in the same network as your important stuff, if you are paranoid enough. In all solutions you'd set up a separate user with no rights, so not to open too much tools to the would-be compromiser.




        • So the safest option would be a separate box removed physically from your network.

        • You could give in a bit by adding it to the physical network, but on a different subnet: no 'real' connection inside

        • A virtual machine would be an option, but might have to give up some performance


        If you are bound on running it on the same box, you have for instance, this option





        • chroot. This is a default option for doing this for lots of people, and for non-specific threats it might even work. But it is NOT a security option, and can be broken out of rather easily. I'd suggest to use this as intended, i.e. not for security.


        In the end you might need to set up a specific sandboxing model without the hassle of virtualization or separate boxes, or the still-at-risk situation of chroot. I doubt this is what you meant, but look at this link for some more in-depth information.






        share|improve this answer















        If they are really untrusted, and you want to be sure, you'd set up a separate box. Either really, or virtually.



        Further, you don't want that box to be in the same network as your important stuff, if you are paranoid enough. In all solutions you'd set up a separate user with no rights, so not to open too much tools to the would-be compromiser.




        • So the safest option would be a separate box removed physically from your network.

        • You could give in a bit by adding it to the physical network, but on a different subnet: no 'real' connection inside

        • A virtual machine would be an option, but might have to give up some performance


        If you are bound on running it on the same box, you have for instance, this option





        • chroot. This is a default option for doing this for lots of people, and for non-specific threats it might even work. But it is NOT a security option, and can be broken out of rather easily. I'd suggest to use this as intended, i.e. not for security.


        In the end you might need to set up a specific sandboxing model without the hassle of virtualization or separate boxes, or the still-at-risk situation of chroot. I doubt this is what you meant, but look at this link for some more in-depth information.







        share|improve this answer














        share|improve this answer



        share|improve this answer








        edited Jan 13 at 5:04









        Pablo Bianchi

        2,5751532




        2,5751532










        answered May 9 '13 at 9:00









        NanneNanne

        5,41433247




        5,41433247













        • How safe would it be security wise to run an untrusted application on a virtual machine? I've heard of theoretical exploits which can access the host operating system through the hypervisor and infect it.

          – zuallauz
          May 10 '13 at 0:01













        • It could be, although I'm currently not aware of real threats like that, certainly not non-targeted ones. You should consider the attacker writing malware in a game would not go to those lengths. Now a spear-attack on you alone might ofcourse, if they know your layout, but still I don't think that's your first concern. If you are that certain they are mallicious you should really set up an isolated box anyway, network wise.

          – Nanne
          May 10 '13 at 7:06



















        • How safe would it be security wise to run an untrusted application on a virtual machine? I've heard of theoretical exploits which can access the host operating system through the hypervisor and infect it.

          – zuallauz
          May 10 '13 at 0:01













        • It could be, although I'm currently not aware of real threats like that, certainly not non-targeted ones. You should consider the attacker writing malware in a game would not go to those lengths. Now a spear-attack on you alone might ofcourse, if they know your layout, but still I don't think that's your first concern. If you are that certain they are mallicious you should really set up an isolated box anyway, network wise.

          – Nanne
          May 10 '13 at 7:06

















        How safe would it be security wise to run an untrusted application on a virtual machine? I've heard of theoretical exploits which can access the host operating system through the hypervisor and infect it.

        – zuallauz
        May 10 '13 at 0:01







        How safe would it be security wise to run an untrusted application on a virtual machine? I've heard of theoretical exploits which can access the host operating system through the hypervisor and infect it.

        – zuallauz
        May 10 '13 at 0:01















        It could be, although I'm currently not aware of real threats like that, certainly not non-targeted ones. You should consider the attacker writing malware in a game would not go to those lengths. Now a spear-attack on you alone might ofcourse, if they know your layout, but still I don't think that's your first concern. If you are that certain they are mallicious you should really set up an isolated box anyway, network wise.

        – Nanne
        May 10 '13 at 7:06





        It could be, although I'm currently not aware of real threats like that, certainly not non-targeted ones. You should consider the attacker writing malware in a game would not go to those lengths. Now a spear-attack on you alone might ofcourse, if they know your layout, but still I don't think that's your first concern. If you are that certain they are mallicious you should really set up an isolated box anyway, network wise.

        – Nanne
        May 10 '13 at 7:06













        12














        Firejail is fairly new and in constant development. Easy to use.



        You can simply:



        sudo apt-get install firejail
        firejail app





        share|improve this answer


























        • Welcome to Ask Ubuntu! Whilst this may theoretically answer the question, it would be preferable to include the essential parts of the answer here, and provide the link for reference.

          – Mark Kirby
          Dec 11 '15 at 9:43
















        12














        Firejail is fairly new and in constant development. Easy to use.



        You can simply:



        sudo apt-get install firejail
        firejail app





        share|improve this answer


























        • Welcome to Ask Ubuntu! Whilst this may theoretically answer the question, it would be preferable to include the essential parts of the answer here, and provide the link for reference.

          – Mark Kirby
          Dec 11 '15 at 9:43














        12












        12








        12







        Firejail is fairly new and in constant development. Easy to use.



        You can simply:



        sudo apt-get install firejail
        firejail app





        share|improve this answer















        Firejail is fairly new and in constant development. Easy to use.



        You can simply:



        sudo apt-get install firejail
        firejail app






        share|improve this answer














        share|improve this answer



        share|improve this answer








        edited Jan 19 '18 at 11:20









        David Foerster

        28.1k1365111




        28.1k1365111










        answered Dec 10 '15 at 17:10









        penguinforsupperpenguinforsupper

        12113




        12113













        • Welcome to Ask Ubuntu! Whilst this may theoretically answer the question, it would be preferable to include the essential parts of the answer here, and provide the link for reference.

          – Mark Kirby
          Dec 11 '15 at 9:43



















        • Welcome to Ask Ubuntu! Whilst this may theoretically answer the question, it would be preferable to include the essential parts of the answer here, and provide the link for reference.

          – Mark Kirby
          Dec 11 '15 at 9:43

















        Welcome to Ask Ubuntu! Whilst this may theoretically answer the question, it would be preferable to include the essential parts of the answer here, and provide the link for reference.

        – Mark Kirby
        Dec 11 '15 at 9:43





        Welcome to Ask Ubuntu! Whilst this may theoretically answer the question, it would be preferable to include the essential parts of the answer here, and provide the link for reference.

        – Mark Kirby
        Dec 11 '15 at 9:43











        12














        Docker will help you to set up containers that you can run off of your current kernel, yet keep contained away from the rest of your system. It seems pretty cutting edge but there's an Ubuntu focus an good documentation.






        share|improve this answer





















        • 4





          I think this is a good option for most cases. However, the "untrusted" part of the original question, would concern me a bit. There are demonstrated hacks available that can allow an application to "break" out of it's container. And given that docker containers run at root access, this could be dangerous, if your goal was to sandbox the applications from each other.

          – Cris Holdorph
          Aug 22 '14 at 22:37











        • @CrisHoldorph correct although Docker is getting better and I even think it is nowadays possible to run a docker unprivileged (not as root). This is certainly true now for LXC and LXD (the sometimes so called LXC daemon) can simplify greatly the creation of such containers. So modern unprivileged containers can be considered as an improvement in terms of security over chroot. But they are not an impenetrable barrier!

          – Huygens
          Oct 4 '15 at 12:21











        • Docker is not a security tool!

          – Federico
          Apr 6 '18 at 14:44
















        12














        Docker will help you to set up containers that you can run off of your current kernel, yet keep contained away from the rest of your system. It seems pretty cutting edge but there's an Ubuntu focus an good documentation.






        share|improve this answer





















        • 4





          I think this is a good option for most cases. However, the "untrusted" part of the original question, would concern me a bit. There are demonstrated hacks available that can allow an application to "break" out of it's container. And given that docker containers run at root access, this could be dangerous, if your goal was to sandbox the applications from each other.

          – Cris Holdorph
          Aug 22 '14 at 22:37











        • @CrisHoldorph correct although Docker is getting better and I even think it is nowadays possible to run a docker unprivileged (not as root). This is certainly true now for LXC and LXD (the sometimes so called LXC daemon) can simplify greatly the creation of such containers. So modern unprivileged containers can be considered as an improvement in terms of security over chroot. But they are not an impenetrable barrier!

          – Huygens
          Oct 4 '15 at 12:21











        • Docker is not a security tool!

          – Federico
          Apr 6 '18 at 14:44














        12












        12








        12







        Docker will help you to set up containers that you can run off of your current kernel, yet keep contained away from the rest of your system. It seems pretty cutting edge but there's an Ubuntu focus an good documentation.






        share|improve this answer















        Docker will help you to set up containers that you can run off of your current kernel, yet keep contained away from the rest of your system. It seems pretty cutting edge but there's an Ubuntu focus an good documentation.







        share|improve this answer














        share|improve this answer



        share|improve this answer








        edited Jan 13 at 5:01









        Pablo Bianchi

        2,5751532




        2,5751532










        answered May 22 '13 at 0:13









        N. Thomas KorN. Thomas Kor

        1412




        1412








        • 4





          I think this is a good option for most cases. However, the "untrusted" part of the original question, would concern me a bit. There are demonstrated hacks available that can allow an application to "break" out of it's container. And given that docker containers run at root access, this could be dangerous, if your goal was to sandbox the applications from each other.

          – Cris Holdorph
          Aug 22 '14 at 22:37











        • @CrisHoldorph correct although Docker is getting better and I even think it is nowadays possible to run a docker unprivileged (not as root). This is certainly true now for LXC and LXD (the sometimes so called LXC daemon) can simplify greatly the creation of such containers. So modern unprivileged containers can be considered as an improvement in terms of security over chroot. But they are not an impenetrable barrier!

          – Huygens
          Oct 4 '15 at 12:21











        • Docker is not a security tool!

          – Federico
          Apr 6 '18 at 14:44














        • 4





          I think this is a good option for most cases. However, the "untrusted" part of the original question, would concern me a bit. There are demonstrated hacks available that can allow an application to "break" out of it's container. And given that docker containers run at root access, this could be dangerous, if your goal was to sandbox the applications from each other.

          – Cris Holdorph
          Aug 22 '14 at 22:37











        • @CrisHoldorph correct although Docker is getting better and I even think it is nowadays possible to run a docker unprivileged (not as root). This is certainly true now for LXC and LXD (the sometimes so called LXC daemon) can simplify greatly the creation of such containers. So modern unprivileged containers can be considered as an improvement in terms of security over chroot. But they are not an impenetrable barrier!

          – Huygens
          Oct 4 '15 at 12:21











        • Docker is not a security tool!

          – Federico
          Apr 6 '18 at 14:44








        4




        4





        I think this is a good option for most cases. However, the "untrusted" part of the original question, would concern me a bit. There are demonstrated hacks available that can allow an application to "break" out of it's container. And given that docker containers run at root access, this could be dangerous, if your goal was to sandbox the applications from each other.

        – Cris Holdorph
        Aug 22 '14 at 22:37





        I think this is a good option for most cases. However, the "untrusted" part of the original question, would concern me a bit. There are demonstrated hacks available that can allow an application to "break" out of it's container. And given that docker containers run at root access, this could be dangerous, if your goal was to sandbox the applications from each other.

        – Cris Holdorph
        Aug 22 '14 at 22:37













        @CrisHoldorph correct although Docker is getting better and I even think it is nowadays possible to run a docker unprivileged (not as root). This is certainly true now for LXC and LXD (the sometimes so called LXC daemon) can simplify greatly the creation of such containers. So modern unprivileged containers can be considered as an improvement in terms of security over chroot. But they are not an impenetrable barrier!

        – Huygens
        Oct 4 '15 at 12:21





        @CrisHoldorph correct although Docker is getting better and I even think it is nowadays possible to run a docker unprivileged (not as root). This is certainly true now for LXC and LXD (the sometimes so called LXC daemon) can simplify greatly the creation of such containers. So modern unprivileged containers can be considered as an improvement in terms of security over chroot. But they are not an impenetrable barrier!

        – Huygens
        Oct 4 '15 at 12:21













        Docker is not a security tool!

        – Federico
        Apr 6 '18 at 14:44





        Docker is not a security tool!

        – Federico
        Apr 6 '18 at 14:44











        10














        Full virtualization/emulation (VirtualBox)



        One possible solution is virtualization software such as VirtualBox which you can find in the software centre.




        • Install Virtual box

        • Create a virtual machine with networking enabled

        • Install Ubuntu or perhaps a lighter desktop such as Lubuntu

        • Fully update the installed OS (inside Virtual box)

        • Disable Networking on the virtual machine

        • Take a snapshot


        You can now install the software you don't trust to see what it does. It can't upset the outside world or you host OS as it does not have access.



        It may trash your virtual machine however but if it does you can just restore from your snapshot.



        There may be other methods to limit the destructive power of untrusted software but this is the most robust method I can think of.



        Container-based virtualization (Docker/LXC)



        Another option may be LXC more information here



        LXC is the userspace control package for Linux Containers, a lightweight virtual system mechanism sometimes described as “chroot on steroids”.



        LXC builds up from chroot to implement complete virtual systems, adding resource management and isolation mechanisms to Linux’s existing process management infrastructure.



        It's available in the software centre. I have no experience with however.






        share|improve this answer





















        • 1





          That's just inconvenient. Create an entire virtual machine just to run games!!? that's not a very good solution. Don't you think setting the process's GID and UID would be WAY easier than this?

          – Jack Mayerz
          May 9 '13 at 8:58











        • Actually I think setting up a virtual box is sufficiently easy that I probably would not bother with taking a snapshot. If it trashes my virtual machine, I can discard it.

          – emory
          May 9 '13 at 14:18











        • Downvote: Factual incorrect reasoning even if the solution is rigth. Programs don't need to have the same privileges as the user running them. Linux and Ubuntu has supported MAC since years. Ubuntu uses AppArmos for this, and you can contain a program to a directory easily.

          – Javier Rivera
          May 9 '13 at 15:11











        • @JavierRivera "easily" is not the correct word, or a AppArmor profile and a SELinux policy for Firefox would be shipped by default with every distro and that is not the case. Ubuntu ships such profile but it is not active by default as it breaks a few "popular" Firefox features. There aren't much SELinux policies either for most GUI apps, such apps require too many permissions to be still called sandboxed. If you disagree, please post here links to sandbox Firefox safely using either AppArmor or SELinux! If you can I would be really happy :-)

          – Huygens
          Oct 4 '15 at 12:27











        • You should probably define "safe" for a meaningful answer but the default Firefox policy in Ubuntu is quite reasonable to me. Of course it breaks thing as is not as user-friendly as using nothing, but it's still much more user-friendly than a full virtual machine to me (that also breaks popular firefox features).

          – Javier Rivera
          Oct 6 '15 at 6:52
















        10














        Full virtualization/emulation (VirtualBox)



        One possible solution is virtualization software such as VirtualBox which you can find in the software centre.




        • Install Virtual box

        • Create a virtual machine with networking enabled

        • Install Ubuntu or perhaps a lighter desktop such as Lubuntu

        • Fully update the installed OS (inside Virtual box)

        • Disable Networking on the virtual machine

        • Take a snapshot


        You can now install the software you don't trust to see what it does. It can't upset the outside world or you host OS as it does not have access.



        It may trash your virtual machine however but if it does you can just restore from your snapshot.



        There may be other methods to limit the destructive power of untrusted software but this is the most robust method I can think of.



        Container-based virtualization (Docker/LXC)



        Another option may be LXC more information here



        LXC is the userspace control package for Linux Containers, a lightweight virtual system mechanism sometimes described as “chroot on steroids”.



        LXC builds up from chroot to implement complete virtual systems, adding resource management and isolation mechanisms to Linux’s existing process management infrastructure.



        It's available in the software centre. I have no experience with however.






        share|improve this answer





















        • 1





          That's just inconvenient. Create an entire virtual machine just to run games!!? that's not a very good solution. Don't you think setting the process's GID and UID would be WAY easier than this?

          – Jack Mayerz
          May 9 '13 at 8:58











        • Actually I think setting up a virtual box is sufficiently easy that I probably would not bother with taking a snapshot. If it trashes my virtual machine, I can discard it.

          – emory
          May 9 '13 at 14:18











        • Downvote: Factual incorrect reasoning even if the solution is rigth. Programs don't need to have the same privileges as the user running them. Linux and Ubuntu has supported MAC since years. Ubuntu uses AppArmos for this, and you can contain a program to a directory easily.

          – Javier Rivera
          May 9 '13 at 15:11











        • @JavierRivera "easily" is not the correct word, or a AppArmor profile and a SELinux policy for Firefox would be shipped by default with every distro and that is not the case. Ubuntu ships such profile but it is not active by default as it breaks a few "popular" Firefox features. There aren't much SELinux policies either for most GUI apps, such apps require too many permissions to be still called sandboxed. If you disagree, please post here links to sandbox Firefox safely using either AppArmor or SELinux! If you can I would be really happy :-)

          – Huygens
          Oct 4 '15 at 12:27











        • You should probably define "safe" for a meaningful answer but the default Firefox policy in Ubuntu is quite reasonable to me. Of course it breaks thing as is not as user-friendly as using nothing, but it's still much more user-friendly than a full virtual machine to me (that also breaks popular firefox features).

          – Javier Rivera
          Oct 6 '15 at 6:52














        10












        10








        10







        Full virtualization/emulation (VirtualBox)



        One possible solution is virtualization software such as VirtualBox which you can find in the software centre.




        • Install Virtual box

        • Create a virtual machine with networking enabled

        • Install Ubuntu or perhaps a lighter desktop such as Lubuntu

        • Fully update the installed OS (inside Virtual box)

        • Disable Networking on the virtual machine

        • Take a snapshot


        You can now install the software you don't trust to see what it does. It can't upset the outside world or you host OS as it does not have access.



        It may trash your virtual machine however but if it does you can just restore from your snapshot.



        There may be other methods to limit the destructive power of untrusted software but this is the most robust method I can think of.



        Container-based virtualization (Docker/LXC)



        Another option may be LXC more information here



        LXC is the userspace control package for Linux Containers, a lightweight virtual system mechanism sometimes described as “chroot on steroids”.



        LXC builds up from chroot to implement complete virtual systems, adding resource management and isolation mechanisms to Linux’s existing process management infrastructure.



        It's available in the software centre. I have no experience with however.






        share|improve this answer















        Full virtualization/emulation (VirtualBox)



        One possible solution is virtualization software such as VirtualBox which you can find in the software centre.




        • Install Virtual box

        • Create a virtual machine with networking enabled

        • Install Ubuntu or perhaps a lighter desktop such as Lubuntu

        • Fully update the installed OS (inside Virtual box)

        • Disable Networking on the virtual machine

        • Take a snapshot


        You can now install the software you don't trust to see what it does. It can't upset the outside world or you host OS as it does not have access.



        It may trash your virtual machine however but if it does you can just restore from your snapshot.



        There may be other methods to limit the destructive power of untrusted software but this is the most robust method I can think of.



        Container-based virtualization (Docker/LXC)



        Another option may be LXC more information here



        LXC is the userspace control package for Linux Containers, a lightweight virtual system mechanism sometimes described as “chroot on steroids”.



        LXC builds up from chroot to implement complete virtual systems, adding resource management and isolation mechanisms to Linux’s existing process management infrastructure.



        It's available in the software centre. I have no experience with however.







        share|improve this answer














        share|improve this answer



        share|improve this answer








        edited Jan 13 at 5:00









        Pablo Bianchi

        2,5751532




        2,5751532










        answered May 9 '13 at 8:46









        Warren HillWarren Hill

        15.5k165376




        15.5k165376








        • 1





          That's just inconvenient. Create an entire virtual machine just to run games!!? that's not a very good solution. Don't you think setting the process's GID and UID would be WAY easier than this?

          – Jack Mayerz
          May 9 '13 at 8:58











        • Actually I think setting up a virtual box is sufficiently easy that I probably would not bother with taking a snapshot. If it trashes my virtual machine, I can discard it.

          – emory
          May 9 '13 at 14:18











        • Downvote: Factual incorrect reasoning even if the solution is rigth. Programs don't need to have the same privileges as the user running them. Linux and Ubuntu has supported MAC since years. Ubuntu uses AppArmos for this, and you can contain a program to a directory easily.

          – Javier Rivera
          May 9 '13 at 15:11











        • @JavierRivera "easily" is not the correct word, or a AppArmor profile and a SELinux policy for Firefox would be shipped by default with every distro and that is not the case. Ubuntu ships such profile but it is not active by default as it breaks a few "popular" Firefox features. There aren't much SELinux policies either for most GUI apps, such apps require too many permissions to be still called sandboxed. If you disagree, please post here links to sandbox Firefox safely using either AppArmor or SELinux! If you can I would be really happy :-)

          – Huygens
          Oct 4 '15 at 12:27











        • You should probably define "safe" for a meaningful answer but the default Firefox policy in Ubuntu is quite reasonable to me. Of course it breaks thing as is not as user-friendly as using nothing, but it's still much more user-friendly than a full virtual machine to me (that also breaks popular firefox features).

          – Javier Rivera
          Oct 6 '15 at 6:52














        • 1





          That's just inconvenient. Create an entire virtual machine just to run games!!? that's not a very good solution. Don't you think setting the process's GID and UID would be WAY easier than this?

          – Jack Mayerz
          May 9 '13 at 8:58











        • Actually I think setting up a virtual box is sufficiently easy that I probably would not bother with taking a snapshot. If it trashes my virtual machine, I can discard it.

          – emory
          May 9 '13 at 14:18











        • Downvote: Factual incorrect reasoning even if the solution is rigth. Programs don't need to have the same privileges as the user running them. Linux and Ubuntu has supported MAC since years. Ubuntu uses AppArmos for this, and you can contain a program to a directory easily.

          – Javier Rivera
          May 9 '13 at 15:11











        • @JavierRivera "easily" is not the correct word, or a AppArmor profile and a SELinux policy for Firefox would be shipped by default with every distro and that is not the case. Ubuntu ships such profile but it is not active by default as it breaks a few "popular" Firefox features. There aren't much SELinux policies either for most GUI apps, such apps require too many permissions to be still called sandboxed. If you disagree, please post here links to sandbox Firefox safely using either AppArmor or SELinux! If you can I would be really happy :-)

          – Huygens
          Oct 4 '15 at 12:27











        • You should probably define "safe" for a meaningful answer but the default Firefox policy in Ubuntu is quite reasonable to me. Of course it breaks thing as is not as user-friendly as using nothing, but it's still much more user-friendly than a full virtual machine to me (that also breaks popular firefox features).

          – Javier Rivera
          Oct 6 '15 at 6:52








        1




        1





        That's just inconvenient. Create an entire virtual machine just to run games!!? that's not a very good solution. Don't you think setting the process's GID and UID would be WAY easier than this?

        – Jack Mayerz
        May 9 '13 at 8:58





        That's just inconvenient. Create an entire virtual machine just to run games!!? that's not a very good solution. Don't you think setting the process's GID and UID would be WAY easier than this?

        – Jack Mayerz
        May 9 '13 at 8:58













        Actually I think setting up a virtual box is sufficiently easy that I probably would not bother with taking a snapshot. If it trashes my virtual machine, I can discard it.

        – emory
        May 9 '13 at 14:18





        Actually I think setting up a virtual box is sufficiently easy that I probably would not bother with taking a snapshot. If it trashes my virtual machine, I can discard it.

        – emory
        May 9 '13 at 14:18













        Downvote: Factual incorrect reasoning even if the solution is rigth. Programs don't need to have the same privileges as the user running them. Linux and Ubuntu has supported MAC since years. Ubuntu uses AppArmos for this, and you can contain a program to a directory easily.

        – Javier Rivera
        May 9 '13 at 15:11





        Downvote: Factual incorrect reasoning even if the solution is rigth. Programs don't need to have the same privileges as the user running them. Linux and Ubuntu has supported MAC since years. Ubuntu uses AppArmos for this, and you can contain a program to a directory easily.

        – Javier Rivera
        May 9 '13 at 15:11













        @JavierRivera "easily" is not the correct word, or a AppArmor profile and a SELinux policy for Firefox would be shipped by default with every distro and that is not the case. Ubuntu ships such profile but it is not active by default as it breaks a few "popular" Firefox features. There aren't much SELinux policies either for most GUI apps, such apps require too many permissions to be still called sandboxed. If you disagree, please post here links to sandbox Firefox safely using either AppArmor or SELinux! If you can I would be really happy :-)

        – Huygens
        Oct 4 '15 at 12:27





        @JavierRivera "easily" is not the correct word, or a AppArmor profile and a SELinux policy for Firefox would be shipped by default with every distro and that is not the case. Ubuntu ships such profile but it is not active by default as it breaks a few "popular" Firefox features. There aren't much SELinux policies either for most GUI apps, such apps require too many permissions to be still called sandboxed. If you disagree, please post here links to sandbox Firefox safely using either AppArmor or SELinux! If you can I would be really happy :-)

        – Huygens
        Oct 4 '15 at 12:27













        You should probably define "safe" for a meaningful answer but the default Firefox policy in Ubuntu is quite reasonable to me. Of course it breaks thing as is not as user-friendly as using nothing, but it's still much more user-friendly than a full virtual machine to me (that also breaks popular firefox features).

        – Javier Rivera
        Oct 6 '15 at 6:52





        You should probably define "safe" for a meaningful answer but the default Firefox policy in Ubuntu is quite reasonable to me. Of course it breaks thing as is not as user-friendly as using nothing, but it's still much more user-friendly than a full virtual machine to me (that also breaks popular firefox features).

        – Javier Rivera
        Oct 6 '15 at 6:52











        9














        mbox




        Mbox is a lightweight sandboxing mechanism that any user can use without special privileges in commodity operating systems.





        • Source repo


        I've used it for a couple of things reliably.






        share|improve this answer






























          9














          mbox




          Mbox is a lightweight sandboxing mechanism that any user can use without special privileges in commodity operating systems.





          • Source repo


          I've used it for a couple of things reliably.






          share|improve this answer




























            9












            9








            9







            mbox




            Mbox is a lightweight sandboxing mechanism that any user can use without special privileges in commodity operating systems.





            • Source repo


            I've used it for a couple of things reliably.






            share|improve this answer















            mbox




            Mbox is a lightweight sandboxing mechanism that any user can use without special privileges in commodity operating systems.





            • Source repo


            I've used it for a couple of things reliably.







            share|improve this answer














            share|improve this answer



            share|improve this answer








            edited Jan 13 at 4:51









            Pablo Bianchi

            2,5751532




            2,5751532










            answered Feb 13 '14 at 3:10









            0x780x78

            10113




            10113























                4














                subuser



                You can use subuser to sandbox your applications with Docker. This allows you do things like sandbox GUI apps, which isn't easy to do with Docker directly.



                sudo apt install subuser



                • Using subuser - a quick tutorial






                share|improve this answer






























                  4














                  subuser



                  You can use subuser to sandbox your applications with Docker. This allows you do things like sandbox GUI apps, which isn't easy to do with Docker directly.



                  sudo apt install subuser



                  • Using subuser - a quick tutorial






                  share|improve this answer




























                    4












                    4








                    4







                    subuser



                    You can use subuser to sandbox your applications with Docker. This allows you do things like sandbox GUI apps, which isn't easy to do with Docker directly.



                    sudo apt install subuser



                    • Using subuser - a quick tutorial






                    share|improve this answer















                    subuser



                    You can use subuser to sandbox your applications with Docker. This allows you do things like sandbox GUI apps, which isn't easy to do with Docker directly.



                    sudo apt install subuser



                    • Using subuser - a quick tutorial







                    share|improve this answer














                    share|improve this answer



                    share|improve this answer








                    edited Jan 13 at 4:49









                    Pablo Bianchi

                    2,5751532




                    2,5751532










                    answered Aug 14 '15 at 15:19









                    timtheliontimthelion

                    1412




                    1412























                        1














                        I think, a possible solution is to create a separate user for testing purposes, and limit his privileges. This way you won't lose in performance, what would definitely happen in virtual machine, but I think this is less safe, if not set up very properly, which I can't advice on how to do.






                        share|improve this answer



















                        • 2





                          This doesn't protect the system from malicious software that may still get installed or run - it also is not sandboxing in the manner that this question means

                          – Thomas Ward
                          Dec 10 '15 at 17:13
















                        1














                        I think, a possible solution is to create a separate user for testing purposes, and limit his privileges. This way you won't lose in performance, what would definitely happen in virtual machine, but I think this is less safe, if not set up very properly, which I can't advice on how to do.






                        share|improve this answer



















                        • 2





                          This doesn't protect the system from malicious software that may still get installed or run - it also is not sandboxing in the manner that this question means

                          – Thomas Ward
                          Dec 10 '15 at 17:13














                        1












                        1








                        1







                        I think, a possible solution is to create a separate user for testing purposes, and limit his privileges. This way you won't lose in performance, what would definitely happen in virtual machine, but I think this is less safe, if not set up very properly, which I can't advice on how to do.






                        share|improve this answer













                        I think, a possible solution is to create a separate user for testing purposes, and limit his privileges. This way you won't lose in performance, what would definitely happen in virtual machine, but I think this is less safe, if not set up very properly, which I can't advice on how to do.







                        share|improve this answer












                        share|improve this answer



                        share|improve this answer










                        answered May 9 '13 at 8:50









                        PhlyaPhlya

                        281114




                        281114








                        • 2





                          This doesn't protect the system from malicious software that may still get installed or run - it also is not sandboxing in the manner that this question means

                          – Thomas Ward
                          Dec 10 '15 at 17:13














                        • 2





                          This doesn't protect the system from malicious software that may still get installed or run - it also is not sandboxing in the manner that this question means

                          – Thomas Ward
                          Dec 10 '15 at 17:13








                        2




                        2





                        This doesn't protect the system from malicious software that may still get installed or run - it also is not sandboxing in the manner that this question means

                        – Thomas Ward
                        Dec 10 '15 at 17:13





                        This doesn't protect the system from malicious software that may still get installed or run - it also is not sandboxing in the manner that this question means

                        – Thomas Ward
                        Dec 10 '15 at 17:13











                        1














                        DoSH - Docker SHell



                        In case that you simply want to sandbox the activity of the users, you can use "DoSH"




                        DoSH (which stands for Docker SHell) is a development to create Docker containers when users log in the Linux system and run a shell into them, instead of symply creating the shell.







                        share|improve this answer






























                          1














                          DoSH - Docker SHell



                          In case that you simply want to sandbox the activity of the users, you can use "DoSH"




                          DoSH (which stands for Docker SHell) is a development to create Docker containers when users log in the Linux system and run a shell into them, instead of symply creating the shell.







                          share|improve this answer




























                            1












                            1








                            1







                            DoSH - Docker SHell



                            In case that you simply want to sandbox the activity of the users, you can use "DoSH"




                            DoSH (which stands for Docker SHell) is a development to create Docker containers when users log in the Linux system and run a shell into them, instead of symply creating the shell.







                            share|improve this answer















                            DoSH - Docker SHell



                            In case that you simply want to sandbox the activity of the users, you can use "DoSH"




                            DoSH (which stands for Docker SHell) is a development to create Docker containers when users log in the Linux system and run a shell into them, instead of symply creating the shell.








                            share|improve this answer














                            share|improve this answer



                            share|improve this answer








                            edited Jan 13 at 4:53









                            Pablo Bianchi

                            2,5751532




                            2,5751532










                            answered Nov 15 '17 at 12:32









                            ubuserubuser

                            111




                            111

















                                protected by Sergiy Kolodyazhnyy Jan 13 at 5:18



                                Thank you for your interest in this question.
                                Because it has attracted low-quality or spam answers that had to be removed, posting an answer now requires 10 reputation on this site (the association bonus does not count).



                                Would you like to answer one of these unanswered questions instead?



                                Popular posts from this blog

                                Human spaceflight

                                Can not write log (Is /dev/pts mounted?) - openpty in Ubuntu-on-Windows?

                                張江高科駅