At first, sorry for my bad english. I'm from Germany. Currently i am programing an Java application that executes applications remotely. Now i want to restrict the file access for each process that every process can only read and write files in his specific working Directory and files in directorys below but not files in directorys above. This program should be work on windows and on linux. My First idea was to create for every process an new user with the specific Access permissions but i don't know how i can do this in Java and this soulution sounds for me a little bit dirty.
At that time, when I asked this question, I basically wanted to only automatically start processes and additionally isolate the processes from the rest of the system.
This Problem becomes now realy simple to solve through Docker and Kubernetes.
You can run:
docker run -v <Host-Directory>:<Container-Directory> -d --rm dockerimage
Through the -v <Host-Directory>:<Container-Directory> switch you can mount a specific directory to an directory in the docker container. You can read more about that in the Docker Documentation:
https://docs.docker.com/engine/reference/commandline/run/#mount-volume--v---read-only