Re: a utility for preventing exec() calls
From: Nick C. <ni...@cl...> - 2019-02-13 09:36:55
On Wed, 13 Feb 2019 at 09:00, Nick Cleaton <ni...@cl...> wrote:
>
> #!/bin/sh
> exec nsjail -Mo -R /usr -W /var/spool/frob libcallfilt denyexec
> /usr/bin/frob -- "$@"
>

Sorry, that should be:

#!/bin/sh
exec nsjail -Mo -R /usr -B /var/spool/frob -- libcallfilt denyexec /usr/bin/frob -- "$@"

(nsjail takes -B not -W for a writable part of the filesystem, and I
missed out a --)