On Sun, Oct 31, 2010 at 5:41 AM, Walter Stanish <
[email protected]> wrote:
> Assuming this is not already known to everyone, though it was
> apparently published in late 2009...
>
> Apparently Chrome OS plans to use containers to increase system security.
>
> See
> http://www.chromium.org/chromium-os/chromiumos-design-docs/system-hardening
> (In particular, 'minijail' and 'libminijail'.)
>
> Update from August 20 this year: "we have minijail implemented, just
> not feature-complete".
> http://code.google.com/p/chromium-os/issues/detail?id=380
>
> Code is available to browse here:
> http://git.chromium.org/gitweb/?p=minijail.git;a=tree
>
> The code itself states:
> "XXX This is a very early implementation of the jailing logic.
> XXX Many features are missing or will be made more tunable."
>
> Hope the above is of interest to some!
>
> - Walter
>
FYI the guy who implemented sandboxing for OLPC XO runs this site which
covers the sandboxing topic in general http://sandboxing.org/
I forget what they actually ended up doing on the XO - initially they were
going to use linux-vserver, but then it became clear that standard *nix
facilities plus maybe a few added capabilities would be enough for their
plan.
<http://sandboxing.org/>
--
\|/ Daniel JB Clark | Activist; Owner
FREEDOM -+-> INCLUDED ~ http://freedomincluded.com
/|\ Free Software respecting hardware
------------------------------------------------------------------------------
Nokia and AT&T present the 2010 Calling All Innovators-North America contest
Create new apps & games for the Nokia N8 for consumers in U.S. and Canada
$10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing
Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store
http://p.sf.net/sfu/nokia-dev2dev
_______________________________________________
Lxc-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/lxc-users
