I would like to be able to spawn a linux process that would only have access to stdin, stdout, and stderr (nothing more and nothing less). Can I do this at the process level itself? I am also implicitly stating (oxymoron) that I don’t want the spawned process to be able to change the “thing” that the other end of the stream points to.
Metaphorically:
- the process has a input pipe that comes from somewhere, it cannot change where the pipe starts from, so it cannot control where input comes from.
- the process has output and error pipes that go somewhere, it cannot change where the other end of the output pipes point to, so it cannot control where output goes to.
- it cannot create any new pipes.
I am also currently looking at SElinux. Would this allow me to create a process that only had access to these three streams? Thank you.
As stated in another answer SELinux does have various permissions that help lock down any process.
The kernel manages access to certain objects (with associated set of permissions) for example a file is an object, a directory is an object, a unix datagram socket is an object and many more.
probably the easiest thing to do is write a little policy. Luckily SELinux is deny by default so run your program and look at the logs for SELinux denials and only allow your program to do what you want. In other words you would avoid adding permission that involve object classes like msg (messages in a systemV message queue), msgq (SystemV message queue itself), sem (semaphores), shm (shared memory) and probably others depending on what it does.
I suggest the first time you do it have SELinux on but in permissive (see setenforce 0)
I would also suggest tools to help you build some policy, it can be a bit overwhelming to write basically raw M4