1

How can I limit the size of an SELinux Sandbox's home directory?

asked 2012-01-29 18:29:27 -0500

codeblock

updated 2012-10-31 09:54:23 -0500

I've recently been experimenting and playing with SELinux sandboxes, and they are a great tool for things like safe code evaluation (think sites like tryruby.org and tryclj.com).

I was wondering if it's possible to limit the maximum size of a sandbox's home directory. I know that it's possible to limit CPU usage and RAM usage in /etc/sysconfig/sandbox. man selinux.conf doesn't seem to show any such variables to tweak for disk size. Would this involve making a policy and using that instead of sandbox_x_t?

Thanks.


1 Answer

2

answered 2012-01-30 05:47:22 -0500

domg472

You could enforce disk quotas, but this affects not just sandbox.

Create a user just for sandbox usage and then use disk quotas to manage that user's disk quotas.

Sandbox uses Linux Control Groups to manage Sandbox CPU and RAM resources.

There is a CGroup I/O controller, but I do not think it can be used for this exact purpose. I think it "provides proportional bandwidth control", e.g. I suspect it could be used to limit I/O bandwidth for sandbox.

I also do not believe you can achieve your goal by making a policy instead of using Sandbox.

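The dedicated-user quota approach from the answer above, sketched as an added example that is not part of the original post. The account name `sbx`, the `/home` filesystem (assumed to be ext3/ext4 mounted with the `usrquota` option and to hold the sandbox home directory), and the 100 MiB limit are all assumptions; the script only prints the commands unless `DRY_RUN=0` is set and it is run as root.

```shell
#!/bin/sh
# Added example: cap disk usage of a dedicated sandbox account with user quotas.
# Assumed names (not from the post): account "sbx", filesystem /home, 100 MiB.

DRY_RUN=${DRY_RUN:-1}

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# setquota takes block limits in 1 KiB units.
mib_to_blocks() {
    echo $(( $1 * 1024 ))
}

# apply_quota USER FILESYSTEM HARD_LIMIT_MIB
apply_quota() {
    user=$1 fs=$2 hard_mib=$3
    case $hard_mib in
        ''|*[!0-9]*) echo "limit must be a whole number of MiB" >&2; return 1 ;;
    esac
    hard=$(mib_to_blocks "$hard_mib")
    soft=$(( hard * 9 / 10 ))          # soft limit at 90% of the hard limit

    # Create the account only if it does not exist yet.
    id "$user" >/dev/null 2>&1 || run useradd -m "$user"

    # Build the quota files and switch user quotas on for the filesystem.
    run quotacheck -cum "$fs"
    run quotaon "$fs"

    # Block soft/hard limits, then inode soft/hard limits (0 = unlimited).
    run setquota -u "$user" "$soft" "$hard" 0 0 "$fs"

    # Show the resulting limits and current usage for the account.
    run quota -u "$user"
}

apply_quota sbx /home 100
```

The limit counts every file the account owns on that filesystem, not only the sandbox home directory, which is why the answer suggests an account used for nothing else.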
