Hello! Let’s say I have an executable file, but I’m unsure of the source, and may contain bugs/errors/malwares/bad things that can mess up my machine. I want to execute it anyway, but I want to make sure that it does not mess things up. Is it possible to create a “sandbox” folder, place the executable inside it, and then give all files inside that folder only write privileges inside that folder, and not outside? so that echo "hello" >> log.txt would work, but echo "hello" >> ~/log.txt would not?
I’ve created a tool for similar of use-cases: https://codeberg.org/contr/contr
You could run your workload inside, say, an alpine container:
cd path/to/evil/dir contr alpine ❯ # inside container, run dangerous program ❯ ./dangerous_programIf the program needs extra dependencies, you’ll have to write a Containerfile and build an image with the dependencies installed – there’s an example in the repository. Just installing the dependencies at runtime inside the container is also an option, but all changes inside the container are lost on exit.