-
Unprivileged sandboxing tool
As an example we will look at man 1 bwrap. Bubblewrap allows us to sandbox an application, not too dissimilar to docker. Flatpaks use bubblewrap as part of their sandbox. Bubblewrap can optionally take in a list of syscalls to filter. The filter is expressed as a BPF(Berkley Packet Filter program - remember when I said docker gives you a friendlier interface to seccomp?) program. Below is a short program that defines a BPF program that can be passed to an application using bwrap that lets us log all the sycalls the application makes to syslog.
#Monitoring Tools #Email Marketing #Windows Virtualization 25 social mentions
-
BusyBox is a single binary that provides several stripped-down Unix tools in a single executable.Pricing:
- Open Source
On to our second point, which is the cli utilities' implementation. Debian and Ubuntu use gnu's Coreutils while Alpine uses Busybox(remember, we are talking about the most used application container bases. You can install a desktop version of Alpine with GNU coreutils). Here we have the same situation as before, The GNU coreutils are bigger, do more and have a larger attack surface. Busybox is smaller, does not support as many features as GNU Coreutils but does support enough of them to make them useful. Needless to say, busybox is small and hence, it has a smaller attack surface.
#Terminal Tools #SSH #Server Management 15 social mentions
Discuss: Docker, Linux, Security. Kinda.
Related Posts
10 Best Grafana Alternatives [2023 Comparison]
sematext.com // 6 months ago
Top 10 Grafana Alternatives in 2024
middleware.io // 4 months ago
Best Free Firewalls for Windows, Mac & Android in 2024
wizcase.com // 4 months ago
Sendspark vs Potion: The Video Messaging Smackdown
medium.com // 4 months ago
Comparison of Cron Monitoring Services (November 2023)
blog.healthchecks.io // 7 months ago
8 Best SpeedFan Alternatives for Computers for Windows and Mac
xtendedview.com // 8 months ago