Useful sandboxing for privilege separation
Posted Jan 27, 2005 16:01 UTC (Thu) by MathFox
In reply to: Useful sandboxing for privilege separation
Parent article: Securely renting out your CPU with Linux
What you are talking about are actually "Process based access controls" that implement a security policy on a per-process basis.
I do think that it is great to have something like that in the kernel, but the present patch is a bit crude. (Can it run an embedded Acrobat Reader in a browser-controlled sandbox?) We'll need some discussion about the design and desired functionality.
to post comments)