To restrict access to sensitive data you can run closed source miners in isolated environments.
For example, to run Optiminer in Bubblewrap isolation you can run the following:
bwrap \ --proc /proc \ --dev /dev \ --ro-bind /sys /sys \ --ro-bind /usr/lib /usr/lib \ --ro-bind /lib64 /lib64 \ --ro-bind /etc/resolv.conf /etc/resolv.conf \ --ro-bind /etc/OpenCL/vendors /etc/OpenCL/vendors \ --dev-bind /dev /dev \ --ro-bind /tmp/optiminer-zcash/ /optiminer \ --chdir /optiminer \ /optiminer/optiminer-zcash -s SERVER -u USER -p PASS
You can also use the following to isolate:
- systemd service
Has anyone tried to run miners in some kind of isolation? Please share.