sandbox != capability access control
Posted May 19, 2006 0:14 UTC (Fri) by pimlott
In reply to: sandbox != capability access control
Parent article: .desktop files and security
I agree with the first sentiment--thanks, Jon, for pointing out Plash! I think this has better potential to improve security in practice than SELinux. I'm a little confused about your second statement, because I didn't think that sandboxing had such a narrow meaning. I think I even heard Alan Karp describe Polaris (on which Plash seems to be modeled in part) as a sandbox.
to post comments)