ub.xmlui.mirage2.page-structure.muninLogoub.xmlui.mirage2.page-structure.openResearchArchiveLogo
    • EnglishEnglish
    • norsknorsk
  • Velg spraakEnglish 
    • EnglishEnglish
    • norsknorsk
  • Administration/UB
View Item 
  •   Home
  • Fakultet for naturvitenskap og teknologi
  • Institutt for kjemi
  • Artikler, rapporter og annet (kjemi)
  • View Item
  •   Home
  • Fakultet for naturvitenskap og teknologi
  • Institutt for kjemi
  • Artikler, rapporter og annet (kjemi)
  • View Item
JavaScript is disabled for your browser. Some features of this site may not work without it.

nsroot: Minimalist process isolation tool implemented with Linux namespaces

Permanent link
https://hdl.handle.net/10037/20478
Thumbnail
View/Open
article.pdf (42.10Kb)
Published version (PDF)
Date
2017-11-26
Type
Journal article
Tidsskriftartikkel

Author
Raknes, Inge Alexander; Fjukstad, Bjørn; Bongo, Lars Ailo Aslaksen
Abstract
Data analyses in the life sciences are moving from tools run on a personal computer to services run on large computing platforms. This creates a need to package tools and dependencies for easy installation, configuration and deployment on distributed platforms. In addition, for secure execution there is a need for process isolation on a shared platform. Existing virtual machine and container technologies are often more complex than traditional Unix utilities, like chroot, and often require root privileges in order to set up or use. This is especially challenging on HPC systems where users typically do not have root access. We therefore present nsroot, a lightweight Linux namespaces based process isolation tool. It allows restricting the runtime environment of data analysis tools that may not have been designed with security as a top priority, in order to reduce the risk and consequences of security breaches, without requiring any special privileges. The codebase of nsroot is small, and it provides a command line interface similar to chroot. It can be used on all Linux kernels that implement user namespaces. In addition, we propose combining nsroot with the AppImage format for secure execution of packaged applications. nsroot is open sourced and available at: https://github.com/uit-no/nsroot.
Description
Source at https://ojs.bibsys.no/index.php/NIK/article/view/432.
Publisher
Norsk Informatikkonferanse
Citation
Raknes IA, Fjukstad B, Bongo LA. nsroot: Minimalist process isolation tool implemented with Linux namespaces. NIK: Norsk Informatikkonferanse. 2017
Metadata
Show full item record
Collections
  • Artikler, rapporter og annet (kjemi) [565]
Copyright 2017 The Authors

Browse

Browse all of MuninCommunities & CollectionsAuthor listTitlesBy Issue DateBrowse this CollectionAuthor listTitlesBy Issue Date
Login

Statistics

View Usage Statistics
UiT

Munin is powered by DSpace

UiT The Arctic University of Norway
The University Library
uit.no/ub - munin@ub.uit.no

Accessibility statement (Norwegian only)