LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Little things that matter in language design

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Useful sandboxing for privilege separation

Useful sandboxing for privilege separation

Posted Jan 27, 2005 11:13 UTC (Thu) by hmh (subscriber, #3838)
In reply to: Securely renting out your CPU with Linux by ttonino
Parent article: Securely renting out your CPU with Linux

Exactly. Add some read/write-related syscals (epool, select, pool, shutdown, fseek and friends, ioctl, mmap of already open FDs...), plus signal handling, and this code would really be useful to create worker children that simply cannot step outside of their very strict bounds.

Give it two security levels (the first one does not give access to seek, ioctl or mmap, or any other non-socket operations), and it would still be useful for grid computing.

It is a pretty exiting idea, overall. AND it is something we can use everywhere when available easily, unlike SELinux.

(Log in to post comments)

Useful sandboxing for privilege separation

Posted Jan 27, 2005 16:01 UTC (Thu) by MathFox (guest, #6104) [Link]

What you are talking about are actually "Process based access controls" that implement a security policy on a per-process basis.
I do think that it is great to have something like that in the kernel, but the present patch is a bit crude. (Can it run an embedded Acrobat Reader in a browser-controlled sandbox?) We'll need some discussion about the design and desired functionality.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds