Confinement Techniques

The following are the main confinement techniques, from the coarsest (separate hardware) to the finest (restricting a single process):

Hardware: run the application on physically isolated hardware.

Virtual Machine: isolate an operating system on a single physical machine.

  • A virtual machine (VM) is a separate environment that can use some of the computer's physical resources.
  • Each VM looks like it is running on bare hardware, making it look like there are multiple copies of the same computer, but there is only one physical system that supports them all.
  • A process VM is a virtual platform that is set up for a single process and thrown away when that process ends.
  • Almost all operating systems give each running application a process VM, but the most interesting VMs are the ones that can run binaries built for a different instruction set.

System Call Interposition: isolate a process within a single OS by mediating the system calls it is allowed to make.

Chroot (change root):

  • On Unix operating systems, chroot is an operation that changes a process's apparent root directory. Programs run in this new environment cannot name, and therefore cannot access, files outside the specified directory tree; confining a process to a directory tree in this way is what the "chroot" (change root) operation provides.
  • The idea is to build a directory tree into which we copy or link all the system files (binaries, shared libraries, configuration, device nodes) that the process needs to run.
  • Then we use the chroot system call to move the process's root directory to the top of this new tree and start the process in this new environment.
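The three steps above (build the tree, move the root, start the process) as a runnable C program. This is an added example, not code from the page's author; the jail path `/var/jail/demo`, the unprivileged uid/gid 65534 and the choice of `/bin/sh` as the confined command are assumptions for illustration. It also shows the two details a practitioner cares about that the bullet list leaves implicit: `chdir("/")` immediately after `chroot()` so the working directory does not still point outside the new root, and dropping root privilege afterwards, since a process that keeps root inside a chroot can simply call `chroot()` again to move its root back out.

```c
/* Added example (not from the original page): minimal chroot confinement.
 * prepare_jail()   builds the directory skeleton the confined process needs
 * copy_into_jail() copies one file to the same relative path under the jail
 * enter_jail()     moves the root, then gives up the privilege needed to do so
 * The jail path, uid/gid and command in main() are assumptions. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create one directory inside the jail; an existing directory is fine. */
static int mkdir_in_jail(const char *jail, const char *sub) {
    char path[PATH_MAX];
    snprintf(path, sizeof path, "%s/%s", jail, sub);
    if (mkdir(path, 0755) != 0 && errno != EEXIST) return -1;
    return 0;
}

/* Build the skeleton tree a typical dynamically linked program expects.
 * Returns 0 on success, -1 (with errno set) on failure. */
int prepare_jail(const char *jail) {
    static const char *dirs[] = { "bin", "lib", "lib64", "etc", "tmp", "dev" };
    if (mkdir(jail, 0755) != 0 && errno != EEXIST) return -1;
    for (size_t i = 0; i < sizeof dirs / sizeof *dirs; i++)
        if (mkdir_in_jail(jail, dirs[i]) != 0) return -1;
    return 0;
}

/* Copy the regular file at absolute path `src` to `jail + src`.
 * The parent directory under the jail must already exist (prepare_jail
 * creates the top-level ones). In practice you copy the binary and every
 * shared library that `ldd <binary>` lists, using this same function. */
int copy_into_jail(const char *jail, const char *src) {
    char dst[PATH_MAX];
    char buf[8192];
    ssize_t n;
    int in, out;

    if (src[0] != '/') { errno = EINVAL; return -1; }   /* only absolute paths */
    snprintf(dst, sizeof dst, "%s%s", jail, src);
    if ((in = open(src, O_RDONLY)) < 0) return -1;
    if ((out = open(dst, O_WRONLY | O_CREAT | O_TRUNC, 0755)) < 0) {
        close(in);
        return -1;
    }
    while ((n = read(in, buf, sizeof buf)) > 0)
        if (write(out, buf, (size_t)n) != n) { n = -1; break; }
    close(in);
    close(out);
    return n < 0 ? -1 : 0;
}

/* Move the process root to `jail` and drop to an unprivileged uid/gid.
 * Order matters: chroot() needs root (CAP_SYS_CHROOT on Linux), so it comes
 * first; chdir("/") stops the current directory from still referring to a
 * location outside the new root; the privilege drop comes last so the process
 * can no longer call chroot() again to move its root back out. */
int enter_jail(const char *jail, uid_t uid, gid_t gid) {
    if (chroot(jail) != 0) return -1;
    if (chdir("/") != 0) return -1;
    if (setgroups(0, NULL) != 0) return -1;   /* clear supplementary groups */
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    if (setuid(0) == 0) return -1;            /* the drop must be irreversible */
    return 0;
}

int main(void) {
    const char *jail = "/var/jail/demo";      /* assumed jail location */
    if (prepare_jail(jail) != 0 || copy_into_jail(jail, "/bin/sh") != 0) {
        perror("prepare jail");
        return 1;
    }
    /* A working jail also needs the libraries `ldd /bin/sh` reports, copied
     * with copy_into_jail(); they are omitted here to keep the example short. */
    if (enter_jail(jail, 65534, 65534) != 0) {   /* requires root to succeed */
        perror("enter_jail");
        return 1;
    }
    execl("/bin/sh", "sh", "-c", "pwd; ls /", (char *)NULL);
    perror("execl");
    return 1;
}
```

Run as root to see the confined shell report `/` as its working directory and list only the skeleton tree; run unprivileged, `enter_jail` fails with `EPERM`, which is the expected outcome since an unprivileged process cannot change its root. Note that chroot confines only the file-system namespace: network access, signals to processes outside the jail and other resources are untouched, which is why system call interposition or a full jail (such as the FreeBSD jail below) is used when stronger confinement is needed.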

Jailkits:

  • Jailkit is a set of utilities that work with chroot() and related commands to restrict user accounts to a specified set of files.
  • These utilities automate the setup of a chroot shell in which only a chosen set of commands can be run.
  • Jailkit was developed with security in mind, and it is known to be used in network security appliances.

FreeBSD jail:

  • FreeBSD is a popular free and open-source operating system based on the Berkeley Software Distribution (BSD) version of Unix.
  • It runs on Intel x86 and compatible processors such as the Pentium.
  • FreeBSD is a separate operating system from Linux, but it can run Linux programs.