leibniz-psychology/psychnotebook-deploy

Sandbox users as much as possible

PromyLOPh opened this issue 5 years ago · 0 comments

PromyLOPh commented 5 years ago

Investigate https://github.com/tinytaro/pam_seccomp
Polyinstanciate /tmp and /var/tmp via pam_namespace?
Set disk quotas (maybe via pam_setquota?)
Make sure a user can bind to local ports, but other users cannot connect