Plash

From Erights

Jump to: navigation, search

Plash is a Unix shell which lets you run Unix programs with access only to the files and directories they need to run. Programs are given access to files which were passed as command line arguments.

In order to implement this, the filesystem is virtualised. Each process can have its own namespace — its own root directory — which can contain a subset of your files.

This is implemented by modifying GNU libc and replacing the system calls that use filenames. For example, open() is changed so that it sends a message to a file server via a socket. If the request is successful, the server sends the client a file descriptor via the socket as a result. Processes are run as the user ‘nobody’, and in a chroot jail, so that they can't access any files using the usual system calls, and must go through the file server instead. This approach doesn't require modifying the kernel at all.

Personal tools
more tools