To restrict access to sensitive data you can run closed source miners in isolated environments.
For example, to run Optiminer in Bubblewrap isolation you can run the following:
bwrap \
--proc /proc \
--dev /dev \
--ro-bind /sys /sys \
--ro-bind /usr/lib /usr/lib \
--ro-bind /lib64 /lib64 \
--ro-bind /etc/resolv.conf /etc/resolv.conf \
--ro-bind /etc/OpenCL/vendors /etc/OpenCL/vendors \
--dev-bind /dev /dev \
--ro-bind /tmp/optiminer-zcash/ /optiminer \
--chdir /optiminer \
/optiminer/optiminer-zcash -s SERVER -u USER -p PASS
You can also use the following to isolate:
- systemd service
- flatpak
- snap
Has anyone tried to run miners in some kind of isolation? Please share.