Overview of sVirt and sandboxing through virtualization
This session will provide an overview of the recent virt-sandbox project, which aims to provide sandboxing of applications via the use of lightweight guests (both KVM and LXC). Discussion will cover techniques such as sVirt (use of SELinux labeling to prevent the sandboxed guest from altering unauthorized resources in the host) and plan9 filesystem sharing (to allow the guest to share a specified portion of the host file system), as well as any ideas for how to reduce the time taken for a host to start a sandboxed application.
Topic Lead: Eric Blake
Eric is currently a primary contributor to the libvirt project, which presents a unified management interface into multiple virtualization technologies, such as KVM, LXC, and Xen. He is also active in the Austin Group for developing POSIX interfaces, as well as a contributor to the gnulib project for providing ports of POSIX and other interfaces to a large variety of platforms.
Blueprint information
- Status:
- Complete
- Approver:
- None
- Priority:
- Undefined
- Drafter:
- None
- Direction:
- Needs approval
- Assignee:
- None
- Definition:
- Superseded
- Series goal:
- None
- Implementation:
- Unknown
- Milestone target:
- None
- Started by
- Completed by
- Eric Blake