Linux Today: Linux News On Internet Time.

Run Applications in Secure Sandboxes with SELinux

Nov 20, 2010, 11:05 (1 Talkback[s])
(Other stories by Joe 'Zonker' Brockmeier)

"Have an application that you want to run, but without giving it full access to the rest of your system? Welcome to SELinux's sandbox utility. In a few fairly simple steps, you can box in an application and not have to worry about it having full access to your system.

"I have to admit, I have not always been the biggest fan of SELinux. The syntax for security framework is, shall we say, less than user-friendly. Actually, it can be downright anti-social. Be that as it may, SELinux can also be really useful if you're willing to slog through the syntax and complexity. Actually, the syntax for sandboxing an application isn't all that bad and after playing with sandboxing for a while, I'm interested in checking out SELinux more fully to see how it's (and its tools) evolved since I last poked it.

"You can use the sandbox utility to run an application in an SELinux "sandbox" that is confined to reading and writing standard in (stdin), standard out (stdout), and other file descriptors passed on the command line"

Complete Story

Related Stories: