Sandbox apache (httpd) for better security.

Apache/httpd is something which you would like to have contained. And now fedora provides a native way/mechanism to to so with virt-sandbox-service. With this, you can create a virtualized sanbox service and then connect/list/manage such with virsh.

We will be using LXC.

Basically its couple of commands and you have a contained service running.

# List all the containers
virsh -c lxc:/// list

# Create the sandbox, all default parameters. Will take dhcp address.
virt-sandbox-service create -C  --username amitag -u httpd.service httpd_conta

# Create the container with static IP.
virt-sandbox-service create -C  --username amitag -u httpd.service -N \
address=192.168.122.11/24%192.168.122.255  httpd_conta#Enable and start the service.
virt-sandbox-service start httpd_conta
virt-sandbox-service enable httpd_conta#Delete the container if not required any more.
virt-sandbox-service delete  httpd_conta