
Isolating software using OpenVZ

To improve security by running software in a virtual environment or on a remote VPS, let's look at isolating Firefox with OpenVZ as an example.

First you need to set up OpenVZ (there is an installation manual for RHEL / CentOS / Fedora). There are quite a few manuals on this, so I won't dwell on it.

Create the container; for example, it can be Fedora (27232 is the container ID; an Ubuntu or Debian template can be used instead):
vzctl create 27232 --ostemplate fedora-12-x86
Start it:
vzctl start 27232

Don't forget that the container needs working Internet access (NAT), so check it: ping a host or download a file.
vzctl exec 27232 ping mail.ru
PING mail.ru (217.69.128.43) 56(84) bytes of data.
64 bytes from mail.ru (217.69.128.43): icmp_seq=1 ttl=118 time=66.0 ms
64 bytes from mail.ru (217.69.128.43): icmp_seq=2 ttl=118 time=66.4 ms

The network works, so move on to installing the software.

vzctl exec 27232 yum install firefox xauth liberation\*fonts
(on Ubuntu or Debian: vzctl exec 27232 apt-get install firefox xauth ttf-liberation dbus dbus-x11)

Forward the display output over ssh by enabling X11 forwarding in the container's sshd configuration:

vzctl exec 27232 "sed -i 's/^.*X11Forwarding.*$/X11Forwarding yes/' /etc/ssh/sshd_config"
vzctl exec 27232 /etc/init.d/sshd restart

Create a user who will run the software:
vzctl set 27232 --userpasswd ffox:mysecpass

That's all; now it only remains to connect and run Firefox:
ssh -Y ffox@ip dbus-launch firefox --no-remote

For testing, I am leaving the virtual machine running; please do not abuse it.
ssh -Y ffox@77.68.106.96 dbus-launch firefox --no-remote
Password: mysecpass
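
The X11Forwarding edit from the sshd step above, as an added example that is not the author's code: the one-line sed rewrites every line that mentions the directive, including comments and lines inside Match blocks, and changes nothing when the directive is absent. The function names are hypothetical, and a POSIX shell with awk inside the container is assumed.

```shell
#!/bin/sh
# Added example (hypothetical helper names), not from the original article.

# Set the global "X11Forwarding yes" in an sshd_config-style file.
# - existing global directives (active or commented out) collapse into one line
# - explanatory comments and anything inside a Match block stay untouched
# - if the directive is absent it is added before the first Match block,
#   or at end of file when there is none
enable_x11_forwarding() {
    cfg=$1
    tmp=$(mktemp) || return 1
    awk '
        function emit() { if (!done) { print "X11Forwarding yes"; done = 1 } }
        {
            low = tolower($0)
            if (low ~ /^[ \t]*match[ \t]/) { emit(); in_match = 1 }
            if (!in_match && low ~ /^[ \t]*#?[ \t]*x11forwarding[ \t]+(yes|no)[ \t]*$/) {
                emit(); next
            }
            print
        }
        END { emit() }
    ' "$cfg" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Overwrite in place so the file keeps its owner and mode.
    cat "$tmp" > "$cfg"; rc=$?
    rm -f "$tmp"
    return $rc
}

# Print the first active global X11Forwarding value (sshd uses the first one).
global_x11_value() {
    awk '
        { low = tolower($0) }
        low ~ /^[ \t]*match[ \t]/ { exit }
        low ~ /^[ \t]*x11forwarding[ \t]/ { print tolower($2); exit }
    ' "$1"
}
```

Inside the container, call enable_x11_forwarding /etc/ssh/sshd_config before restarting sshd; sshd -T prints the effective configuration for a final check.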

Source: https://habr.com/ru/post/97164/

