possible to bar a process/application from accessing network?

sneakyimp · 05-04-2016, 10:36 PM

I'm considering installing Anki on my workstation. It's available via the Ubuntu Software Center. I'm a bit unsure whether this software is trustworthy and was hoping to mitigate my exposure to trouble by blocking this program's access to the network entirely.

Is such a thing possible?

Alternatively, if anyone could recommend trustworthy spaced repetition software (or better yet an algorithm!), I'd greatly appreciate it.

Turbocapitalist · 05-05-2016, 03:06 AM

You could try making an apparmor profile for it and using that to block net access. If you haven't done it before, it is not hard though it requires a significant time investment for reading the documentation. I think it might be enough to leave the 'network' declarations out as well as access to some net-related /proc ones, though I'm not sure about the latter. You'll have to develop the profile in complain mode and watch the logs while running the program through its paces before trying in enforce mode.

cliffordw · 05-05-2016, 03:12 AM

Hi there,

Another approach might be to try it in a virtual machine (KVM / Virtualbox) with no network access. That is probably quicker to setup than apparmor of you're not familiar with it.

Turbocapitalist · 05-05-2016, 08:35 AM

After looking at Anki for Apparmor, it seems to want all kinds of access around the system. So I'd go with cliffordw's approach of locking it in a netless VM like KVM/VirtualBox/Qemu.