Den ons 1 apr. 2026 kl 23:47 skrev <seb.mouton@gmail.com>:
> Hi all,
> I am looking to run a process on my machine that I do not fully trust.
> I would like to avoid the penalty cost of spinning a VM to run it, and would like instead to sandbox it.
> As far as I know, `pledge` is nice to create a sandbox, but it's coarse-grained: it either allows access to all IPs, or it allows no access at all.
> I need to give this untrusted app network access, but to avoid it being a spyware/trojan horse, I'd like to restrict its network connection to a specific list of ips.
> The idea I have for now is to create a user dedicated to it, and add an anchor in pf that filters for that user, and only allows that user to speak to that list of IPs.
> Is that a reasonable approach? Is there a better way to do that?
For processes running on an obsd machine, PF supports matching on a
specific user, like the user _pbuild for ports which is not allowed to
talk network at all.
So make a table or a macro of the allowed destinations, allow any
traffic matching this user to those destinations, and block all other
traffic from this user that did not match the previous rule.
See some examples in the pf.conf manpage:
https://man.ifconfig.se/pf.conf.5#user
Yours would be a bit more specific than the examples, but you should
be able to get a hint from them at least.
--
May the most significant bit of your life be positive.
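The ruleset described above (a table of allowed destinations, a pass rule for the dedicated user, a block for everything else from that user), written out as an added example that is not part of the thread. The user name `_sandbox`, the table name `sandbox_dst` and the 192.0.2.x addresses are assumed placeholders; replace them with the real user and destination list. This is a pf.conf fragment, so it can also be loaded from inside a named anchor as the original question suggests.

```pf
# Added example, not from the thread. Assumed names: user _sandbox,
# table sandbox_dst; the addresses are documentation-range placeholders.
table <sandbox_dst> { 192.0.2.10, 192.0.2.20 }

# Match on the socket owner: only connections opened by _sandbox to the
# listed destinations are passed. "quick" stops evaluation at the first
# match, so the two rules below form a strict allow-list for that user.
pass out quick proto { tcp udp } from self to <sandbox_dst> user _sandbox

# Everything else that user tries to send is dropped. "return" makes the
# sandboxed process get an immediate error instead of a hanging connect,
# and "log" records each refused attempt on pflog0 for later review.
block return out quick log user _sandbox
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it, confirm the rules with `pfctl -sr` and the table contents with `pfctl -t sandbox_dst -T show`, then start the process as that user (for example via `doas -u _sandbox`). Note that the `user` keyword matches on the owner of the local socket, so it only affects connections the process itself opens on this host; if the application needs name resolution, the resolver address has to be in the table as well, otherwise the block rule will catch its DNS queries.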