How To Use Systemd For Application Sandboxing & How To Easily Crash Systemd
Another one of the interesting systemd.conf 2016 presentations in Berlin was a talk by Djalal Harouni of EndoCode for using systemd to carry out application sandboxing.
While some may be put off by the thought of systemd being responsible for app sandboxing, it's possible. It's easily possible to confine applications/objects using systemd sandbox functionality. If you are curious how, the video presentation from systemd.conf is embedded below:
Also related are some new systemd security features hitting the Git code.
Unrelated to this presentation specifically, many Phoronix readers have been emailing me about "How to Crash Systemd in One Tweet." If you are interested in how it's possible for any user to crash systemd with one command, see this blog post by Andrew Ayer.
While some may be put off by the thought of systemd being responsible for app sandboxing, it's possible. It's easily possible to confine applications/objects using systemd sandbox functionality. If you are curious how, the video presentation from systemd.conf is embedded below:
Also related are some new systemd security features hitting the Git code.
Unrelated to this presentation specifically, many Phoronix readers have been emailing me about "How to Crash Systemd in One Tweet." If you are interested in how it's possible for any user to crash systemd with one command, see this blog post by Andrew Ayer.
59 Comments