nsroot: Minimalist process isolation tool implemented with Linux namespaces

Data analyses in the life sciences are moving from tools run on a personal computer to services run on large computing platforms. This creates a need to package tools and dependencies for easy installation, configuration and deployment on distributed platforms. In addition, for secure execution ther...

Bibliographic details
Main authors: Raknes, Inge Alexander; Fjukstad, Bjørn; Bongo, Lars Ailo Aslaksen
Format: Article
Language: eng
creator Raknes, Inge Alexander
Fjukstad, Bjørn
Bongo, Lars Ailo Aslaksen
description Data analyses in the life sciences are moving from tools run on a personal computer to services run on large computing platforms. This creates a need to package tools and dependencies for easy installation, configuration and deployment on distributed platforms. In addition, for secure execution there is a need for process isolation on a shared platform. Existing virtual machine and container technologies are often more complex than traditional Unix utilities, like chroot, and often require root privileges in order to set up or use. This is especially challenging on HPC systems where users typically do not have root access. We therefore present nsroot, a lightweight Linux namespaces based process isolation tool. It allows restricting the runtime environment of data analysis tools that may not have been designed with security as a top priority, in order to reduce the risk and consequences of security breaches, without requiring any special privileges. The codebase of nsroot is small, and it provides a command line interface similar to chroot. It can be used on all Linux kernels that implement user namespaces. In addition, we propose combining nsroot with the AppImage format for secure execution of packaged applications. nsroot is open sourced and available at: https://github.com/uit-no/nsroot.
format Article
identifier ISSN: 1892-0721
issn 1892-0721
1892-0713
language eng
recordid cdi_cristin_nora_10037_20478
source NORA - Norwegian Open Research Archives
subjects Informasjons- og kommunikasjonsteknologi: 550
Information and communication technology: 550
Technology: 500
Teknologi: 500
VDP
title nsroot: Minimalist process isolation tool implemented with Linux namespaces
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-17T01%3A12%3A09IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-cristin_3HK&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=nsroot:%20Minimalist%20process%20isolation%20tool%20implemented%20with%20Linux%20namespaces&rft.au=Raknes,%20Inge%20Alexander&rft.date=2017&rft.issn=1892-0721&rft_id=info:doi/&rft_dat=%3Ccristin_3HK%3E10037_20478%3C/cristin_3HK%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true