
How to launch a process on Linux with highly restricted privileges?

I'd like to (from code) launch a process with highly restricted privileges.

  • Can save files, but only in its own folder and limited to a quota.
  • Can use memory, within a quota.
  • CPU time (including any subprocesses it launches) is limited to a quota.
  • Can't talk with any other process except its own and the interface to my controller program via stdin/out.
  • Can't interact with any devices.
  • Can't see anything else on the network.

(I'm building a grid-esque system. The launched code may be hostile.)

Here's what I've got so far...

  • In advance, create some users, grid00-grid99. Give each one disk/memory/CPU quota as configured.

To launch a process...

  • Pick an unused gridxx user.
  • Make a folder inside the user's home folder.
  • Hard link /bin, /usr, etc in that folder.
  • Make a new /home/gridxx and /tmp folders in that folder.
  • Copy in the program files.
  • Switch to the gridxx user.
  • chroot to the new folder.
  • Launch the new process.

Have I missed anything?

Many thanks.
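As an added example (not code from the question or any of the answers): a Python launcher that applies the disk, memory and CPU quotas with setrlimit in the child, then performs the chroot and user switch from the recipe above when a jail directory and a gridxx uid/gid are supplied. The quota values are constructed, chroot only works as root, and the demo helper deliberately runs without chroot or user switch so it works for any user.

```python
import os
import resource
import subprocess
import sys

# Per-process quotas (constructed example values, not from the question).
# RLIMIT_CPU is per process: each child in the tree gets its own 10 s, so a
# cumulative tree-wide CPU budget needs cgroups on top of this.
LIMITS = {
    "RLIMIT_CPU": (10, 10),                  # CPU seconds, soft/hard
    "RLIMIT_AS": (1024**3, 1024**3),         # address space in bytes
    "RLIMIT_FSIZE": (16 * 1024**2,) * 2,     # largest single file it may write
    "RLIMIT_NPROC": (64, 64),                # counted per uid: dedicated gridxx users matter
    "RLIMIT_CORE": (0, 0),                   # no core dumps of hostile code
}

def _apply_sandbox(jail_dir, uid, gid):
    """Runs in the child between fork() and exec(): limits, chroot, drop root."""
    for name, (soft, hard) in LIMITS.items():
        res = getattr(resource, name, None)  # skip limits this platform lacks
        if res is not None:
            resource.setrlimit(res, (soft, hard))
    if jail_dir is not None:
        os.chroot(jail_dir)                  # needs root; raises (fails closed) otherwise
        os.chdir("/")
    if uid is not None:
        os.setgroups([])                     # drop supplementary groups first,
        os.setgid(gid)                       # then gid, then uid: after setuid
        os.setuid(uid)                       # the earlier calls would be refused

def run_sandboxed(argv, jail_dir=None, uid=None, gid=None, stdin_bytes=b"", timeout=30):
    """Launch argv under the quotas above; its only channel is stdin/stdout."""
    proc = subprocess.Popen(
        argv, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE,
        close_fds=True,                      # no inherited sockets or files
        cwd=jail_dir,                        # Popen chdirs before preexec_fn runs
        env={"PATH": "/bin:/usr/bin"},       # minimal, known environment
        preexec_fn=lambda: _apply_sandbox(jail_dir, uid, gid),
    )
    try:
        out, err = proc.communicate(stdin_bytes, timeout=timeout)
    except subprocess.TimeoutExpired:
        proc.kill()                          # wall-clock backstop for sleepers
        out, err = proc.communicate()
    return proc.returncode, out, err

def demo_cpu_limit():
    """Run a throwaway interpreter in the sandbox (no chroot, same user) and
    have it report the CPU quota it sees; returns (exit code, seconds)."""
    code = "import resource; print(resource.getrlimit(resource.RLIMIT_CPU)[0])"
    rc, out, _err = run_sandboxed([sys.executable, "-c", code])
    return rc, int(out.strip() or -1)
```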


The standard resource usage limits (via ulimit) can handle the first three, and SELinux can handle the other three. Simply create a new domain for the application, assign the proper permissions, and away you go (but not it).


It sounds like you're looking for something like the FreeBSD jail feature. (That's for FreeBSD of course, but that page has links to similar technologies for Linux.)


You should be able to accomplish that with ulimit, chroot, disk quotas, and a firewall. Limiting all forms of "talking" (IPC) is hard. In the end you may want to go with a set of virtual machines.
