I'm looking for a way to run multiple python/php apps on one server. Each app in its own /bob_app folder.
I need for users not to be able to run something like:
>>> import glob
>>> glob.glob("/*")
['/boot', '/cdrom', '/dev', '/lib64', '/run', '/initrd.img', '/sys', '/media', '/var', '/etc', '/srv', '/initrd.img.old', '/root', '/sbin', '/tmp', '/opt', '/vmlinuz', '/usr', '/home', '/lost+found', '/bin', '/proc', '/lib', '/mnt', '/vmlinuz.old']
Or the php etc equivalent. The apps should only see the contents of the folder they are running in and nothing above that.
Edit: The apps are in docker containers and using a chroot environment within docker is not something I'm sure is the right thing to do.
If you have control of the application, it should not matter if they could see other application paths. If the apps run with different UIDs, you only need to set permissions on the application directory to 700 so that other users can't see their files.
Even if the user can enter paths to resources, you can sanitize the paths they enter. Limit the accepted paths to appropriate directories.
There are a number of methods of providing configuration data securely. You may want to consider using a service repository/registry. If you have passwords or other sensitive data, it should be stored in an encrypted format.
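One way to implement the path restriction described in the answer above, as an added example that is not part of the original post. The names `resolve_inside` and `demo` and the temporary directory layout (a stand-in for /bob_app) are assumptions made for illustration.

```python
import os
import tempfile


def resolve_inside(base_dir, user_path):
    """Return the real path of user_path if it stays inside base_dir, else raise ValueError."""
    base = os.path.realpath(base_dir)
    # realpath collapses ".." and follows symlinks; an absolute user_path
    # replaces base in the join and is caught by the check below.
    candidate = os.path.realpath(os.path.join(base, user_path))
    # commonpath compares whole components, so /bob_app_evil is not inside /bob_app.
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"path escapes application directory: {user_path!r}")
    return candidate


def demo():
    """Check constructed sample inputs against a constructed app directory."""
    samples = [
        "uploads/report.txt",           # ordinary file inside the app
        "uploads/../uploads/a.txt",     # ".." that stays inside
        "../bob_app_evil/secret",       # sibling directory sharing a name prefix
        "/etc/passwd",                  # absolute path
        "uploads/out/bob_app_evil",     # symlink pointing out of the app
    ]
    results = {}
    with tempfile.TemporaryDirectory() as root:
        app = os.path.join(root, "bob_app")
        os.makedirs(os.path.join(app, "uploads"))
        os.makedirs(os.path.join(root, "bob_app_evil"))
        os.chmod(app, 0o700)  # owner-only access, as the answer suggests
        os.symlink(root, os.path.join(app, "uploads", "out"))
        for path in samples:
            try:
                resolve_inside(app, path)
                results[path] = "allowed"
            except ValueError:
                results[path] = "rejected"
    return results


if __name__ == "__main__":
    for path, verdict in demo().items():
        print(f"{verdict:8} {path}")
```

This check covers paths the application accepts as input. It does not confine code that calls the filesystem directly, which is what the per-UID 700 permissions in the answer address.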