Walsh: Introducing the SELinux Sandbox
Posted May 26, 2009 23:43 UTC (Tue) by pr1268
Parent article: Walsh: Introducing the SELinux Sandbox
I dunno... It seems that the existing security mechanisms in Linux would restrict unprivileged users from doing malicious stuff without the need for a SELinux "sandbox". On the other hand, if a non-root user were running a compromised grep, awk, or ls such that the /etc/shadow file got copied to "parts unknown", then there are more pressing issues at play than sandboxing an SELinux instance. Just a mild rant from my observation from the cheap seats...
to post comments)