I'd like to (from code) launch a process with highly restricted privileges.
(I'm building a grid-esque system. The launched code may be hostile.)
Here's what I've got so far...

- In advance, create some users, grid00-grid99. Give each one disk/memory/CPU quota as configured.
To launch a process...
Have I missed anything?
Many thanks.
The standard resource usage limits (via ulimit) can handle the first three, and SELinux can handle the other three. Simply create a new domain for the application, assign the proper permissions, and away you go (but not it).
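One way to do the launch step from code on Linux, as an added example (not code from the question or either answer): the ulimit-style limits the answer above mentions are applied with setrlimit between fork() and exec(), and the child is then dropped to one of the pre-created gridNN users. The function names, default limit values and the "sh" test command are my own choices; the SELinux domain transition from the same answer lives in policy and is not shown here.

```python
import os
import resource
import subprocess

MIB = 1024 * 1024
# Map human-readable names to RLIMIT_* constants so callers never touch the
# raw numbers. RLIMIT_NPROC is deliberately left out: it is counted per uid,
# which is exactly why the dedicated grid00..grid99 users from the question
# matter; without a uid drop it would limit the launcher's own user.
RLIMIT_BY_NAME = {
    "cpu": resource.RLIMIT_CPU,        # CPU seconds before the kernel kills the job
    "as": resource.RLIMIT_AS,          # bytes of address space (memory)
    "fsize": resource.RLIMIT_FSIZE,    # bytes per file written (disk)
    "nofile": resource.RLIMIT_NOFILE,  # open file descriptors
    "core": resource.RLIMIT_CORE,      # no core dumps from hostile code
}
DEFAULT_LIMITS = {"cpu": 10, "as": 256 * MIB, "fsize": 16 * MIB, "nofile": 64, "core": 0}


def clamp_limits(wanted):
    """Lower each wanted limit to the caller's hard limit; setrlimit may only lower."""
    effective = {}
    for name, value in wanted.items():
        _soft, hard = resource.getrlimit(RLIMIT_BY_NAME[name])
        effective[name] = value if hard == resource.RLIM_INFINITY else min(value, hard)
    return effective


def make_preexec(limits, uid=None, gid=None):
    """Return the function run in the child between fork() and exec()."""
    def preexec():
        for name, value in limits.items():
            # soft == hard, so the child cannot raise the limit again
            resource.setrlimit(RLIMIT_BY_NAME[name], (value, value))
        if gid is not None:
            os.setgroups([])  # shed supplementary groups before changing ids
            os.setgid(gid)
        if uid is not None:
            os.setuid(uid)    # last: after this the process has no privilege left
    return preexec


def run_limited(argv, limits=None, uid=None, gid=None, timeout=30):
    """Run argv under limits, dropping to uid/gid first when given (needs root).
    Returns (returncode, stdout, stderr, effective_limits); a negative code means
    the kernel killed the child with that signal, e.g. on exhausting RLIMIT_CPU."""
    effective = clamp_limits(DEFAULT_LIMITS if limits is None else limits)
    proc = subprocess.run(
        argv, preexec_fn=make_preexec(effective, uid, gid), capture_output=True,
        text=True, timeout=timeout, close_fds=True, env={"PATH": "/usr/bin:/bin"})
    return proc.returncode, proc.stdout, proc.stderr, effective
```

The limits are checked from inside the child with `ulimit -t` / `ulimit -v`, and a CPU-bound loop run with a one-second CPU limit comes back with a negative return code because the kernel killed it.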
It sounds like you're looking for something like the FreeBSD jail feature. (That's for FreeBSD of course, but that page has links to similar technologies for Linux.)