Jailed NX

83 views
Skip to first unread message

Mark Kasson

unread,
Jul 16, 2009, 12:52:45 PM7/16/09
to ne...@googlegroups.com

I’m very interested in being able to run an nx server that has or creates uses jailkit to have an nx session running inside a jail.  The use is enabling users to nx into a server and have them not see any other users’ data (for example, even by browsing via File, Open), not know of even the existence of other users (similar) or be able to run programs other than what we import into the jail.

 

We would not be charging for use of this nx service.  However, since we are a small for-profit company, I was interested in offering a small bounty to the freenx crowd to hopefully entice someone to develop this capability.  Given the state of Freenx development, I was concerned about using in a production system.  Similarly I was concerned about using Tacix in a production environment, even though it is developing impressively.

 

If Google’s intent is to maintain or at least stabilize neatx, I’d feel comfortable using it in place of freenx.  In that case, I would also be willing to offer a bounty for a nx jail, if that’s not inconsistent with Google policy.

 

Here’s a note from NoMachine on creating a nx jail:  http://www.nomachine.com/ar/view.php?ar_id=AR09D00419   Unfortunately, I don’t know enough about nx to make it work on freenx or neatx.

 

Also, here are two user articles on creating a nx jail:

http://mail.kde.org/pipermail/freenx-knx/2008-March/006835.html

http://www.nabble.com/Fedora-Core-8-black-screen-after-authentication-td16132716.html

 

Also, since I’m asking, for our purposes it needs to run on Ubuntu.  We don’t use Fedora and don’t want multiple distros running on the same net.

 

Please advise.

 

Best (and thank you),

 

-          Mark Kasson

Rafael Roquetto

unread,
Jul 16, 2009, 1:26:42 PM7/16/09
to ne...@googlegroups.com
Hello,

We do provide a jailed, professional NX solutions. It is not based on
FreeNX project. We actually forked NoMachine code and applied our own
patches (as a matter of fact, we used to work together with NoMachine,
and some former NoMachine, FreeNX developers work for us [Fabian
Franz, Alexander Chukov among others]).

We tried out several jailing methods, including a mix of chroot + a
virtual fuse filesystem, but this proved to be very inefficent.

Currently, we work with an LD_PRELOAD solution. Yeah, it may sound
weird, but so far, so good. Also, we did apply some patches to
nautilus, but that's for the sake of eye candy only.

Please let me know if you'd like further information.

Rafael.

Reply all
Reply to author
Forward
0 new messages