Linked by Thom Holwerda on Tue 26th May 2009 18:32 UTC, submitted by diegocg
Linux Eric Paris, a SELinux developer, has announced today a new SELinux feature: "Dan and I (mostly Dan) have started to play with using SELinux to confine random untrusted binaries. The program is called 'sandbox.' The idea is to allow administrators to lock down tightly untrusted applications in a sandbox where they can not use the network and open/create any file that is not handed to the process. Can be used to protect a system while allowing it to run some untrusted binary."
Permalink for comment 365656
To read all comments associated with this story, please click here.
RE[2]: AppDir?
by adricnet on Wed 27th May 2009 14:56 UTC in reply to "RE: AppDir?"
adricnet
Member since:
2005-07-01

Hi,

I think the implemented Bitfrost moved past using the vserver patch into using the rainbow daemon.

http://wiki.laptop.org/go/Rainbow

Here's an old mail where Michael Stone explains why he disn't use SElinux:
http://lists.laptop.org/pipermail/security/2008-January/000370.html

Fascinating stuff ;)

Reply Parent Score: 1