Introducing SELinux Sandbox, Confines Untrusted Binaries
Source: OS News - Posted by Dave Wreski   
SELinux Here's an OS News link to a LKML discussion with Eric Paris. Looks intersting.Eric Paris, a SELinux developer, has announced today a new SELinux feature: "Dan and I (mostly Dan) have started to play with using SELinux to confine random untrusted binaries. The program is called 'sandbox.' The idea is to allow administrators to lock down tightly untrusted applications in a sandbox where they can not use the network and open/create any file that is not handed to the process. Can be used to protect a system while allowing it to run some untrusted binary."

Read this full article at OS News

Only registered users can write comments.
Please login or register.

Powered by AkoComment!