Walsh: Introducing the SELinux Sandbox
May 27, 2009, 19:02
""The discussions brought up an old Bug report of [mine] about
writing policy for the 'little things'. SELinux does a great job of
confining System Services, but what about applications executed by
users? The bug report talked about confining grep, awk, ls ... The
idea was couldn't we stop the grep or the mv command from suddenly
opening up a network connection and copying off my /etc/shadow file
to parts unknown." Paris also posted an introduction to the sandbox
on linux-kernel."