How can I limit the size of an SELinux Sandbox's home directory?

asked 2012-01-29 18:29:27 -0600

codeblock
32 ●1 ●1 ●5

updated 2012-10-31 09:54:23 -0600

I've recently been experimenting and playing with SELinux sandboxes, and they are a great tool for things like safe code evaluation (think sites like tryruby.org and tryclj.com).

I was wondering if it's possible to limit the maximum size of a sandbox's home directory. I know that it's possible to limit CPU usage and RAM usage in /etc/sysconfig/sandbox. man selinux.conf doesn't seem to show any such variables to tweak for disk size. Would this involve making a policy and using that instead of sandbox_x_t?

Thanks.

edit retag flag offensive close merge delete

add a comment

1 Answer

Sort by » oldest newest most voted

answered 2012-01-30 05:47:22 -0600

domg472
544 ●6 ●6 ●11

You could enforce disk quota's but this affects not just sandbox.

Create a user just for sandbox usage and then use disk quota's to manage that users disk quota's.

Sandbox uses Linux Control Groups to manage Sandbox CPU and RAM resources.

There is a CGroup I/O controller but i do not think it can be used for this exact purpose. I think it "provides proportional bandwith control" e.g. i suspect it could be used to limit i/o bandwith for sandbox.

I also do not believe you can achieve your goal by making a policy instead of using Sandbox.

edit flag offensive delete link

add a comment

Question Tools

Stats

Asked: 2012-01-29 18:29:27 -0600

Seen: 553 times

Last updated: Oct 31 '12

How can I limit the size of an SELinux Sandbox's home directory? edit

1 Answer

Question Tools

Stats

Related questions

How can I limit the size of an SELinux Sandbox's home directory?