From 028accfd58fc446cd6b9b8bcc4cbbab1bff7911e Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Sun, 31 Dec 2017 17:41:55 -0200 Subject: Adds kvmx-restricted-shell --- kvmx-shell | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'kvmx-shell') diff --git a/kvmx-shell b/kvmx-shell index 5149087..a8a7eb1 100755 --- a/kvmx-shell +++ b/kvmx-shell @@ -22,4 +22,14 @@ DIRNAME="`dirname $0`" # Dispatch +# +# WARNING: this is not a restricted shell. By using the "config" action +# one can easilly run arbitrary commands. So assume kvmx-shell is just +# a utility wrapper for kvmx and not a complete isolation sollution. +# +# Assume this shell is as safe as giving /bin/bash access to the user. +# +# You might use `kvmx-restricted-shell` instead of use it as an example to +# build a restricted shell by allowing just a small subset of kvmx commands +# like starting/stopping the guest. $DIRNAME/kvmx shell $USER -- cgit v1.2.3