NSjail vs Minijail


Yevgeny Pats

Mar 26, 2019, 3:12:36 PM
to nsjail
Can someone elaborate on nsjail vs minijail? Both seem similar and maintained partially by Google.

Robert Święcki

Mar 27, 2019, 4:31:32 AM
to Yevgeny Pats, nsjail
Both are well-written projects; use the one you like more and which solves your problem better. nsjail offers probably more options and more expressive seccomp-bpf filters, while minijail has its preload mode.



--
Robert Święcki

Yevgeny Pats

Mar 27, 2019, 4:38:02 AM
to Robert Święcki, nsjail
Got it, thx!

John Smith

Aug 2, 2020, 2:13:06 PM
to nsjail
The use of LD_PRELOAD is actually troublesome for some of my potential applications.

Can you clarify that nsjail does not in fact make use of it?

Minijail also has the -T option, which according to the manual can treat all binaries as statically linked, thereby disabling preload. Are you familiar with that and how reliable it is?

Thanks.



Robert Święcki

Aug 3, 2020, 2:53:26 PM
to John Smith, nsjail
Sun, 2 Aug 2020 at 20:13 John Smith <ding...@gmail.com> wrote:
The use of LD_PRELOAD is actually troublesome for some of my potential applications.

Can you clarify that nsjail does not in fact make use of it?

I guess nobody provided a compelling use-case so far. That is not to say there's none, just in my practice I didn't find one.
 
My understanding is that LD_PRELOAD is good when you don't want to have an additional process in your system per sandboxed process (or, group of processes)?

Or maybe, is it to enable sandboxing at some specific time-point in execution of a process (e.g. at main())?
 
Minijail also has the -T option which according to the manual can treat all binaries as statically linked thereby disabling preload, are you familiar with that and how reliable it is

--
Robert Święcki