Sandboxing a Linux Application
Ever wondered how you can isolate your application from the rest of your Linux system? How to make sure you can safely evaluate code you download from the internet? How docker sets up a new filesystem inside of your running system?
This is the talk for you! We will go through how you can create your own sandbox on Linux using the APIs available to you. This will give you insight into how large projects like chromium and docker uses these APIs to both protect the rest of the system, as well as solve problems.
Martin Ertsås is a software developer working for Cisco Systems in Norway on their Colaboration Video Endpoints.
Martin views himself as a code monkey, enjoying the weird parts of C++, Linux and Security. He enjoys digging through new code to figure out how it works, and spending time improving tools to increase the happiness and workflow of the people he works with.
While not working, Martin loves creating and playing out stories in role playing games, especially Dungeons and Dragons. Or grabbing a tent and running out into the woods with his wife to escape from the fast pace of everyday life.