[IPython-dev] Notebook kernels + LXC

Jason Grout jason-sage@creativetrax....
Wed Oct 24 21:52:52 CDT 2012


On 10/24/12 11:48 AM, Thomas Kluyver wrote:
> A question on SO [1] got me thinking again about security in
> multi-user cases. I've read recently about LXC [2], which provides
> lightweight isolated environments for a set of processes.
>
> Is there mileage in an option for the notebook server to start each
> kernel in a new LXC container? That would give OS-level limitations on
> what a remote user can do, without the overhead of running full
> virtual machines. I imagine this could be paired with a way to share
> access to a particular notebook or session, so a malicious user
> getting access can only damage files in that project. It could
> probably also be set up so that file access is read-only.
>
> Of course, I may be on completely the wrong track. But the notebook is
> clearly going to be used in cases where the 'all or nothing' access to
> the underlying system is too coarse. Maybe this is one way to offer
> finer-grained control.
>
> [1] http://stackoverflow.com/questions/13044921/prevent-user-del-files-in-ipython-notebook-environment/13053501#13053501
> [2] http://lxc.sourceforge.net/

The wikipedia article has some interesting links, like:

http://blog.bofh.it/debian/id_413

that indicate that (at least a year ago) things were not finished enough 
to be really secure.

Also, 
http://en.wikipedia.org/wiki/Comparison_of_platform_virtual_machines 
might be a good read for ways to isolate processes.

Thanks,

Jason



-- 
Jason Grout
jason.grout@drake.edu


More information about the IPython-dev mailing list