You are here

Firejail

Web Server in a Sandbox

Submitted by h2b on 5. July 2017 - 17:19
System: 
Debian GNU/Linux
Version: 
7
Symptom: 
A web server and related services as a database server shall run in jailed environments, so that they have no or or only limited access to other processes or filesystem paths of the operating system.

There are different methods to get a sandbox environment. Here, we use the  Firejail Security Sandbox, which allows to assign a private sealed scope to a service and all associated processes; this includes resources like network access, process table or filesystem. Therewith, the service only sees its own processes and can only access the part of the filesystem that has been assigned tio it.

Subscribe to RSS - Firejail