> Developing this idea further, if I want to treat all closed source > binary x86 code as untrusted and dangerous (which is indeed my security > policy) and run it only in special restricted "jail" environments like > I've described, it probably wouldn't be that much extra effort to make > this "jail" environment in the form of a software-based x86 instruction > set emulator running on a machine whose native architecture could be > completely different...
Bochs on your choice of hardware. Short of that KVM/Qemu/etc, run the closed-source stuff only in VM, not host. chroot jail. Wonder if a MAC such as SeLinux or AppArmor would do (that's Mandatory Access Control, not to confuse w/ either hardware MAC). Has anyone on the list got Gnash to work usably? Configured Firefox to seamlessly use Mplayer-plugin instead of closed-plugin to display Flash content as inline plugin? /Randall
