Hacker News new | past | comments | ask | show | jobs | submit login

On Linux, you can also use "unshare" in your mailcap, e.g.

  text/html; unshare -U -n lynx -assume_charset=%{charset} -stdin -dump; copiousoutput;
This creates a new user namespace (-U) and then network namespace (-n), meaning there is no way for the lynx process to communicate with the outside world.

(requires unprivileged userns, which is default enabled on recent distros. "sysctl -w kernel.unprivileged_userns_clone=1" if not.)




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: