http://www.osnews.com/story/21561/Introducing_SELinux_Sandbox_Confines_Untrusted_Binaries Exploring the Future of Computing en-us Copyright 2001-2009, David Adams adam+nospam@osnews.com Fri, 27 Nov 2009 20:56:40 GMT http://www.osnews.com/images/osnews.gif http://www.osnews.com http://osnews.com/thread?365530 http://osnews.com/thread?365530 This reminds me of something I read about the OLPC project. Don't they do something similar?

I wonder if this could also be used to create a sandboxed AppDir environment. (Just thinking aloud really -- I've had something like this in mind for a while.)Edited 2009-05-26 20:52 UTC Tue, 26 May 2009 20:50:00 GMT donotreply@osnews.com (giddie) Comments http://osnews.com/thread?365651 http://osnews.com/thread?365651 The current release of OLPC uses Linux-VServer to implement part of Bitfrost. Effectively, every application is contained by running it alone in its own virtual machine. It can impose resource usage restrictions far beyond what I believe SELinux to be capable of. (I might be wrong on that last part.) Wed, 27 May 2009 14:22:00 GMT donotreply@osnews.com (ephemient) Comments http://osnews.com/thread?365656 http://osnews.com/thread?365656 Hi,

I think the implemented Bitfrost moved past using the vserver patch into using the rainbow daemon.

http://wiki.laptop.org/go/Rainbow

Here's an old mail where Michael Stone explains why he disn't use SElinux:
http://lists.laptop.org/pipermail/security/2008-January/000370.html

Fascinating stuff Wed, 27 May 2009 14:56:00 GMT donotreply@osnews.com (adricnet) Comments http://osnews.com/thread?365831 http://osnews.com/thread?365831 I would think, this concept should just go to a mainstream. All binaries are untrusted. And all scripts are untrusted. If you have a worm, it can modify any script or binary and do something unexpected. So, if some component can do only explicitly described actions and nothing else, it would create a safe system by definition. Thu, 28 May 2009 19:01:00 GMT donotreply@osnews.com (vtolkov) Comments http://osnews.com/thread?365832 http://osnews.com/thread?365832 VMs are too expensive. Thu, 28 May 2009 19:03:00 GMT donotreply@osnews.com (vtolkov) Comments