
#58 Use cx-freeze to run Python apps in a chroot jail

Future
closed-fixed
nobody
None
5
2015-12-29
2015-02-28
Bruce Merry
No

Currently Python apps are run without any sort of jail, which makes it possible for them to access all sorts of things they shouldn't if permissions are not set correctly. cx-freeze, plus copying the few dynamic libs needed by the generated executable, seems to do the trick of letting it run in a chroot jail.

Discussion

  • Bruce Merry

    Bruce Merry - 2015-11-10

    A slight complication is that standard Python modules may need C libraries, so the set of dynamic libs that need to be provided in the jail isn't fixed. Some scripting is probably needed to recursively identify the necessary libraries. Alternatively, bind-mounting /lib, /lib64, /usr/lib and maybe one or two others may be sufficient.

     
  • Bruce Merry

    Bruce Merry - 2015-12-29
    • status: open --> closed-fixed
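
One way to do the scripting mentioned in the 2015-11-10 comment (an added example, not code from the ticket or the project): it runs ldd on every ELF file in a cx-freeze build directory, because extension modules are loaded at run time, and returns the host libraries that would have to be copied into the jail. The function names and the build-directory argument are assumptions made for this example.

```python
import os
import re
import subprocess
import sys

# Resolved path in ldd lines: "libz.so.1 => /lib/libz.so.1 (0x...)" or "/lib64/ld.so (0x...)"
_LDD_LINE = re.compile(r"^\s*(?:\S+\s+=>\s+)?(/\S+)\s+\(0x[0-9a-f]+\)\s*$")


def parse_ldd(output):
    """Return absolute library paths from ldd output; raise on unresolved ones."""
    paths = set()
    for line in output.splitlines():
        if "=> not found" in line:
            raise FileNotFoundError("unresolved dependency: " + line.strip())
        match = _LDD_LINE.match(line)
        if match:  # skips linux-vdso (no path) and "statically linked"
            paths.add(match.group(1))
    return paths


def run_ldd(path):
    """ldd may execute the file's loader, so run it only on binaries you built."""
    result = subprocess.run(["ldd", path], capture_output=True, text=True)
    return result.stdout if result.returncode == 0 else ""  # static or not ELF


def is_elf(path):
    with open(path, "rb") as handle:
        return handle.read(4) == b"\x7fELF"


def jail_libraries(build_dir, ldd=run_ldd):
    """Libraries needed by every ELF file under build_dir, not just the executable:
    extension modules are dlopen()ed at run time, so ldd on it misses theirs."""
    needed = set()
    for root, _dirs, files in os.walk(build_dir):
        for name in files:
            path = os.path.join(root, name)
            if os.path.isfile(path) and is_elf(path):
                needed |= parse_ldd(ldd(path))
    # Libraries shipped inside the build directory are already in the jail.
    prefix = os.path.realpath(build_dir) + os.sep
    return sorted(p for p in needed if not os.path.realpath(p).startswith(prefix))


if __name__ == "__main__":
    print("\n".join(jail_libraries(sys.argv[1])))
```

The list still has to be re-generated whenever the frozen application or the host's libraries change, since the jail otherwise keeps stale copies.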
     
