Preventing a specific application from accessing a folder, in user space

Question

I have an app which recursively scans through huge directories, which is even slower because those are on NFS. It seems that I cannot configure the app in a way to stop this. However, I still want to use the app, and the app in fact should not need to access those directories at all.

Related question but the solution here is to use AppArmor.

As far as I know, AppArmor requires root access. However, I'm searching for a solution which I can do without root access. Also, AppArmor looks way too complex for what I want.

I probably could inject some small library via LD_PRELOAD to wrap any opendir calls. This would solve it.

But something like this must exist already, or not?

Sandboxing is what restricts access of an app. – vanadium Jun 14 '22 at 13:08 — vanadium, Jun 14 '22 at 13:08
firejail might do what you want. – Andrew Lowther Jun 14 '22 at 22:07 — Andrew Lowther, Jun 14 '22 at 22:07

score 0 · Answer 1 · answered Jun 14 '22 at 15:22

0

I found ld-preload-open where I can set mappings. I just map all paths which I want to block to /dev/null. This works perfectly as intended.

Do debug what files/paths are actually accessed by the app, I simply do:

strace -e trace=file -f my-app

answered Jun 14 '22 at 15:22

Albert

2,577

Preventing a specific application from accessing a folder, in user space

1 Answers1