Walsh: Cool things with SELinux... Introducing sandbox -X
Source: LWN - Posted by Anthony Pell   
SELinux Red Hat SELinux hacker Dan Walsh has a weblog posting about a new feature added to his SELinux sandbox. sandbox -X essentially combines the sandbox with the idea behind the "xguest" user to create a sandbox for arbitrary desktop applications. It came out of a request to be able to sandbox "acroread": "Acroread and most other desktop applications use multiple communication channels, interacting not just with stdin and stdout, but accessing configuration files, directly or using interprocess calls as with GConf, the X server and other applications, and usually have full run of the user's home directory.

Read this full article at LWN

Only registered users can write comments.
Please login or register.

Powered by AkoComment!