I developed an R shiny web application, hosted on an Ubuntu 20.04 machine and deployed via ShinyProxy. I.e. each instance of the app runs in a separate Docker container. Various directories inside the containers are mapped to directories in the host system. The app contains a console where users can enter R code which is evaluated in the backend.
Therefore, I would like to use RAppArmor to further secure the application and prevent the user from reading, writing, or executing essentially any files on disk. That is more restrictive than what the pre-defined AppArmor profiles in this package implement. However, I do not know what the most restrictive configuration would look like that still permits running R.
The setup should not allow R to read, write, or execute any files, except those needed for R to run and functions included in pre-defined list of packages. E.g. the user might be allowed to use functions from the gdistance package, but not the DBI package. And of course, the user may not install any packages.
What would such a restrictive profile look like?
Unfortunately, my question did not attract any answers on Stack Overflow - even after assigning a bounty to it.
Hi,
I developed an R shiny web application, hosted on an Ubuntu 20.04 machine and deployed via ShinyProxy. I.e. each instance of the app runs in a separate Docker container. Various directories inside the containers are mapped to directories in the host system. The app contains a console where users can enter R code which is evaluated in the backend.
Therefore, I would like to use RAppArmor to further secure the application and prevent the user from reading, writing, or executing essentially any files on disk. That is more restrictive than what the pre-defined AppArmor profiles in this package implement. However, I do not know what the most restrictive configuration would look like that still permits running R.
The setup should not allow R to read, write, or execute any files, except those needed for R to run and functions included in pre-defined list of packages. E.g. the user might be allowed to use functions from the gdistance package, but not the DBI package. And of course, the user may not install any packages.
What would such a restrictive profile look like?
Unfortunately, my question did not attract any answers on Stack Overflow - even after assigning a bounty to it.