Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


Top White Papers

More on LinuxToday


Cool things with SELinux... Introducing sandbox -X

Sep 17, 2009, 19:32 (0 Talkback[s])
(Other stories by Dan Walsh)

"SELinux is all about defining security goals.

"For example I might have a security goal that firefox application will not send email. So I can check if my policy prevents firefox from sending email. But my security goal can change depending on the content that I want to look at. For whatever reason, I might want to allow OpenOffice to have full access to everything in my homedir when I launch it from the start menu, but when it is launched from firefox on untrusted content, I only want OpenOffice to be able to display, print, or email that content, not my credit card data....

"I introduced xguest a year or so ago, and I've thought about why people liked the concept and the ways people were telling me they were using it. (Xguest is the least privileged user, his homedir is cleared on exit, and he is only able to connect to http ports). I have been told that some people use xguest to go to untrusted sites where they do not want to have bad data left behind. Others have told me they use xguest to run games, to make sure the downloaded games aren't allowed to do evil things."

Complete Story

Related Stories: