Linux Today: Linux News On Internet Time.

More on LinuxToday

Cool things with SELinux... Introducing sandbox -X

Sep 17, 2009, 19:32 (0 Talkback[s])
(Other stories by Dan Walsh)

"SELinux is all about defining security goals.

"For example I might have a security goal that firefox application will not send email. So I can check if my policy prevents firefox from sending email. But my security goal can change depending on the content that I want to look at. For whatever reason, I might want to allow OpenOffice to have full access to everything in my homedir when I launch it from the start menu, but when it is launched from firefox on untrusted content, I only want OpenOffice to be able to display, print, or email that content, not my credit card data....

"I introduced xguest a year or so ago, and I've thought about why people liked the concept and the ways people were telling me they were using it. (Xguest is the least privileged user, his homedir is cleared on exit, and he is only able to connect to http ports). I have been told that some people use xguest to go to untrusted sites where they do not want to have bad data left behind. Others have told me they use xguest to run games, to make sure the downloaded games aren't allowed to do evil things."

Complete Story

Related Stories: