Sandboxing Perl code with Linux Containers

50 minutes

Intermediate

English 

Running code from untrusted sources inside your application is risky. Even the most well-intended code can mess up the internals of your application and malicious code can compromise your system.

Linux Containers (also known as LXC) provides namepace isolation to completely isolate a process tree's view of the operating environment, including process trees, network interfaces, user IDs and mounted file systems. This provides the means for creating a sandbox with very low overhead to run code in.

This talk will consist of an introduction to LXC, a discussion of how to use LXC and existing Perl modules to safely run untrusted code and a presentation of some use cases.

Most of the talk will focus on LXC, but most ideas should be easily applicable to other systems like FreeBSD Jails or Solaris Zones. 

[ Talk ]
Attended by:
Peter Makholm (‎brother‎)
Aaron Crane (‎arc‎)
Leon Timmermans (‎leont‎)
Iaroslav Poliakov
Max Maischein (‎Corion‎)
Salve J. Nilsen (‎sjn‎)
Laurent Dami (‎dami‎)
Alex Muntada (‎alexm‎)
Alba Ferrer (‎alba‎)
osfameron
Alexey Surikov (‎ksurent‎)
Manfred Heumann (‎confuseAcat‎)
Radyslav Liaskovskyi (‎Radislav‎)
Bartosz Jakubski (‎migo‎)
Rico Hengst
Thomas Heine
Vidar Tyldum (‎tyldum‎)
Markus Förster
Erik Johansen (‎uniejo‎)
Lars Thegler (‎tagg‎)
Michael Scoltock (‎mscolly‎)
Todd Rinaldo (‎toddr‎)
Rish
Abe Timmerman (‎abeltje‎)
Paolo Sinigaglia (‎psini‎)
Mihai Safta (‎SDCM‎)
H.Merijn Brand (‎Tux‎)
Dmitry Karasik (‎McFist‎)
Mike Chamberlain
Michal Jurosz (‎mj41‎)
Kenta Sato (‎karupanerura‎)
Alberto Simões (‎ambs‎)
Annette Steinhauer
Mateu Hunter (‎mateu‎)
Cal
Eleatzar Colomer (‎eleatzar‎)
Ilya Chesnokov (‎ichesnokov‎)
Tudor Constantin
Leif-Arne Utvik
David Escribano
Anton Berezin (‎Grrrr‎)
Roberto Henríquez
geira
Rikus Goodell
Dave Sherohman (‎dsheroh‎)
Miroslav Tynovsky
Joaquín Ferrero (‎explorer‎)
Kim Stian Ervik (‎Kimmono‎)
Nicholas Clark
Ivan Kruglov
Brian Kelly
Rui Patinha (‎rfp‎)
Paul Cochrane (‎ptc‎)
John Lightsey (‎J.D.‎)
Nigel Gregoire
Naim Shafiyev (‎shafiev‎)
Pavel Scherbinin (‎Dzirtik‎)
Alberte Thegler
James E Keenan (‎kid51‎)
Henrik Andersen (‎HEM‎)
FErki
Tom Hukins
Anatoliy Dmytriyev (‎tolid‎)
Nicolas Vigier (‎boklm‎)
Martin Cermak
Sue Mynott (‎virtualsue‎)
Stefan Hornburg (‎Racke‎)
Dirk De Nijs (‎ddn123456‎)