[Lxc-users] Possibly of interest - Chrome OS plans

Daniel Clark dclark at pobox.com
Sun Oct 31 11:45:25 UTC 2010


On Sun, Oct 31, 2010 at 5:41 AM, Walter Stanish <
walter.stanish at saffrondigital.com> wrote:

> Assuming this is not already known to everyone, though it was
> apparently published in late 2009...
>
> Apparently Chrome OS plans to use containers to increase system security.
>
> See
> http://www.chromium.org/chromium-os/chromiumos-design-docs/system-hardening
> (In particular, 'minijail' and 'libminijail'.)
>
> Update from August 20 this year: "we have minijail implemented, just
> not feature-complete".
> http://code.google.com/p/chromium-os/issues/detail?id=380
>
> Code is available to browse here:
>  http://git.chromium.org/gitweb/?p=minijail.git;a=tree
>
> The code itself states:
>  "XXX This is a very early implementation of the jailing logic.
>  XXX Many features are missing or will be made more tunable."
>
> Hope the above is of interest to some!
>
> - Walter
>

FYI the guy who implemented sandboxing for OLPC XO runs this site which
covers the sandboxing topic in general http://sandboxing.org/

I forget what they actually ended up doing on the XO - initially they were
going to use linux-vserver, but then it became clear that standard *nix
facilities plus maybe a few added capabilities would be enough for their
plan.
 <http://sandboxing.org/>
--
        \|/      Daniel JB Clark | Activist; Owner
FREEDOM -+-> INCLUDED ~ http://freedomincluded.com
        /|\      Free Software respecting hardware
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20101031/de7a7f3e/attachment.html>


More information about the lxc-users mailing list