Ubuntu – How to run a bash script without affecting the file system


I am trying to create some soft of a sandbox for linux systems (ubuntu).
My main goal is to find out which files are executed by a bash script of my choice, without actually letting it run them.
I also want to prevent changes to the system, so the running script will think he has the ability to write to files but it actually doesn't. I don't want to run the bash script under low permissions, because them it will fail to run if it tries to change something.
Please don't suggest running it through a virtual machince, it's too slow for me.

The only thing that comes to my mind is hooking any write syscall so when it tries to write to a file, the system will return SUCCESS but do nothing. Also hooking any execution syscall to capture all programs executed by the script and prevent executing other files while returning success to the script. But I have to clue on how to do this.

Any ideas? Thanks in advance.

Best Answer

Try using an overlay, with a chroot. First, decide the path you want to chroot to, and make sure it exists, and similarly for the path you will overlay on / (which is where modifications will go):

mkdir -p /chroot
mkdir -p /tmp/tmproot

I chose a directory in /tmp/ as it's a tmpfs on my system (possibly unadvisable, but OK for me), so no changes should reach the disk. You can use a squashfs and mount it somewhere, and use that as the overlay, but that has the problem of being read-only, I think.


$ mount -t overlayfs -o lowerdir=/,upperdir=/tmp/tmproot overlayfs /chroot/
$ chroot /chroot/ /bin/bash -l
root:/$ touch test
root:/$ ls
...  sys  test  tmp  ...
root:/$ logout
$ ls /
...  sys  tmp  ...
$ ls /tmp/tmproot/
root  test

If you make the upperdir independent of a physical disk (perhaps by using tmpfs), this should protect the lowerdir.

Note the creation of a root folder - that's for my .bash_history. A copy was made of the original .bash_history, and then appended to.

Related Question