How To Use Systemd For Application Sandboxing & How To Easily Crash Systemd

Written by Michael Larabel in systemd on 1 October 2016 at 09:20 AM EDT.
Another one of the interesting systemd.conf 2016 presentations in Berlin was a talk by Djalal Harouni of EndoCode on using systemd to carry out application sandboxing.

While some may be put off by the thought of systemd being responsible for app sandboxing, it is easily possible to confine applications/objects using systemd's sandbox functionality. If you are curious how, see the video presentation from systemd.conf.


Also related are some new systemd security features hitting the Git code.

Unrelated to this presentation specifically, many Phoronix readers have been emailing me about "How to Crash Systemd in One Tweet." If you are interested in how it's possible for any user to crash systemd with one command, see this blog post by Andrew Ayer.