Run Applications in Secure Sandboxes with SELinux

“Have an application that you want to run, but without giving it
full access to the rest of your system? Welcome to SELinux’s
sandbox utility. In a few fairly simple steps, you can box in an
application and not have to worry about it having full access to
your system.

“I have to admit, I have not always been the biggest fan of
SELinux. The syntax for the security framework is, shall we say, less
than user-friendly. Actually, it can be downright anti-social. Be
that as it may, SELinux can also be really useful if you’re willing
to slog through the syntax and complexity. Actually, the syntax for
sandboxing an application isn’t all that bad and after playing with
sandboxing for a while, I’m interested in checking out SELinux more
fully to see how it’s (and its tools) evolved since I last poked

“You can use the sandbox utility to run an application in an
SELinux “sandbox” that is confined to reading and writing standard
in (stdin), standard out (stdout), and other file descriptors
passed on the command line”
