Not really having anything specific to do yesterday, I chose to have a bit of fun with sandbox.
I ended up installing a completely clean Ubuntu 10.10 in a VM with just an ssh server running.
I then installed sandbox from my PPA and appended the following line to my /etc/ssh/sshd_config:
ForceCommand sudo /usr/bin/sandbox -c "$SSH_ORIGINAL_COMMAND"
And this one to /etc/sudoers:
ALL ALL=NOPASSWD: /usr/bin/sandbox
Then restarted sshd.
The result is that any incoming ssh connection is sent to its own sandbox, with no direct access to the disk and no network available, and it won’t be able to see other users’ processes.
Connecting twice over SSH will give you two shells which won’t be able to see each other.
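The quotes around $SSH_ORIGINAL_COMMAND in the ForceCommand line decide what the wrapper receives after -c. The following is an added example, not part of the original post, that shows the argument list with and without them, for a remote command and for a plain login. Assumptions: show_args is a hypothetical stub used in place of sudo /usr/bin/sandbox (sandbox itself is never run), sh stands in for the user's login shell, and the client command is constructed.

```shell
#!/bin/sh
# Constructed demo: what argument list the ForceCommand wrapper receives.
# show_args is a hypothetical stub standing in for "sudo /usr/bin/sandbox";
# it emits "<argc>|<arg1>|<arg2>..." so argument boundaries are visible.
STUB='show_args() { printf "%s" "$#"; for a in "$@"; do printf "|%s" "$a"; done; }'

# The ForceCommand value from sshd_config, and the same value without quotes.
QUOTED='show_args -c "$SSH_ORIGINAL_COMMAND"'
UNQUOTED='show_args -c $SSH_ORIGINAL_COMMAND'

# run_forced TEMPLATE [CLIENT_COMMAND]
# Mimics sshd: the forced command is run by the user's shell with -c (sh here),
# and SSH_ORIGINAL_COMMAND is set only when the client requested a command,
# not when it asked for an interactive login shell.
run_forced() {
    if [ "$#" -ge 2 ]; then
        SSH_ORIGINAL_COMMAND=$2 sh -c "$STUB; $1"
    else
        (unset SSH_ORIGINAL_COMMAND; sh -c "$STUB; $1")
    fi
}

CLIENT_CMD='ls -l /tmp; id'   # constructed client request

# Quoted: the whole client string is one argument, so the wrapper alone
# decides how it is interpreted (inside the sandbox).
printf 'quoted,   command: %s\n' "$(run_forced "$QUOTED" "$CLIENT_CMD")"
# Unquoted: the outer shell word-splits it, so the wrapper's -c only sees
# the first word and the rest become stray arguments.
printf 'unquoted, command: %s\n' "$(run_forced "$UNQUOTED" "$CLIENT_CMD")"
# Interactive login: the variable is unset. Quoted still passes an empty
# string to -c; unquoted leaves -c with no argument at all.
printf 'quoted,   login:   %s\n' "$(run_forced "$QUOTED")"
printf 'unquoted, login:   %s\n' "$(run_forced "$UNQUOTED")"
```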