Walsh: Introducing the SELinux Sandbox
Posted May 27, 2009 8:22 UTC (Wed) by epa
In reply to: Walsh: Introducing the SELinux Sandbox
Parent article: Walsh: Introducing the SELinux Sandbox
For example, you might run a script to encode all your FLAC music into Ogg Vorbis. That script will run as you, pr1268, so traditional Unix access control gives the script access to all of the files marked as owned by pr1268.
It seems the root of the problem (no pun intended) is that creating new users is such a heavyweight operation. It's like creating branches in CVS or SVN. You have to have root access to the whole system and edit some centralized files. Cleaning up a user is even more tedious (you have to check for any files the user owns). It would be better if there were a lightweight way to create new users, so user fred could create fred_x that has a subset of fred's permissions, and launch a process as user fred_x with certain capabilities such as network access masked out. Then when the process is finished, fred_x disappears (it was only visible to fred anyway).
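The throwaway sub-user sketched in this comment (fred_x, created by fred without root, visible only to fred, network masked out, gone when the process exits) is close to what Linux user and network namespaces now provide. The script below is an added example, not code from the article or from this comment; it assumes a Linux host with unprivileged user namespaces enabled, and the uid 12345 and the probe file standing in for one of fred's private files are constructed values. It also shows the limit of the idea as stated here: because fred_x maps back to fred's own uid, it keeps fred's DAC access to fred's files, so the network is masked but the home directory is not, which is exactly the file-access problem quoted above.

```python
#!/usr/bin/env python3
"""Throwaway sub-user with the network masked out.

Added example, not code from the LWN article or this comment. It realises the
"fred_x" idea with Linux user and network namespaces and assumes a Linux host
with unprivileged user namespaces enabled; INNER_UID and the probe file are
constructed values.
"""
import ctypes
import errno
import json
import os
import socket
import tempfile

CLONE_NEWUSER = 0x10000000  # new user namespace: private uid/gid mapping
CLONE_NEWNET = 0x40000000   # new network namespace: only an unconfigured lo

INNER_UID = 12345  # constructed: the uid "fred_x" sees for itself


def _sandboxed_probe(probe_path):
    """Runs in the forked child: become fred_x, drop the network, then report.

    Returns a dict; status is "isolated" on success or "unsupported" when the
    kernel or a seccomp policy refuses the namespaces (EPERM, EINVAL, ENOSPC).
    """
    libc = ctypes.CDLL(None, use_errno=True)
    outer_uid, outer_gid = os.getuid(), os.getgid()
    if libc.unshare(CLONE_NEWUSER | CLONE_NEWNET) != 0:
        err = ctypes.get_errno()
        return {"status": "unsupported", "error": errno.errorcode.get(err, str(err))}

    # Map exactly one id each way: INNER_UID inside <-> our own uid outside.
    # No root needed, only the creating user can see it, and the mapping dies
    # with the last process in the namespace (fred_x "disappears").
    with open("/proc/self/setgroups", "w") as f:
        f.write("deny")
    with open("/proc/self/gid_map", "w") as f:
        f.write(f"{INNER_UID} {outer_gid} 1")
    with open("/proc/self/uid_map", "w") as f:
        f.write(f"{INNER_UID} {outer_uid} 1")

    # Network check: the new netns has only a down loopback, so connecting
    # even to 127.0.0.1 fails (typically ENETUNREACH).
    sock = socket.socket()
    sock.settimeout(1)
    try:
        sock.connect(("127.0.0.1", 9))
        connect_error = None
    except OSError as exc:
        connect_error = errno.errorcode.get(exc.errno, str(exc))
    finally:
        sock.close()

    return {
        "status": "isolated",
        "inner_uid": os.getuid(),
        "interfaces": sorted(name for _, name in socket.if_nameindex()),
        "connect_error": connect_error,
        # DAC is untouched: fred_x maps to fred's uid, so fred's private file
        # is still readable. The network is masked; the home directory is not.
        "probe_readable": os.access(probe_path, os.R_OK),
    }


def run_masked():
    """Fork, confine the child as fred_x, and return its report as a dict."""
    # Constructed stand-in for one of fred's private files (mode 0600).
    with tempfile.NamedTemporaryFile("wb", delete=False) as probe:
        probe.write(b"fred's data\n")
    os.chmod(probe.name, 0o600)

    read_fd, write_fd = os.pipe()
    pid = os.fork()
    if pid == 0:  # child
        os.close(read_fd)
        try:
            report = _sandboxed_probe(probe.name)
        except Exception as exc:  # report rather than leave the parent waiting
            report = {"status": "unsupported", "error": repr(exc)}
        os.write(write_fd, json.dumps(report).encode())
        os._exit(0)

    os.close(write_fd)
    chunks = []
    while True:
        data = os.read(read_fd, 4096)
        if not data:
            break
        chunks.append(data)
    os.close(read_fd)
    os.waitpid(pid, 0)
    os.unlink(probe.name)
    return json.loads(b"".join(chunks))


if __name__ == "__main__":
    print(json.dumps(run_masked(), indent=2))
```

Run it as an ordinary user: on a host that allows unprivileged user namespaces the report shows `inner_uid` 12345, `interfaces` as just `lo`, a failed loopback connect, and `probe_readable` true; where the kernel or a container seccomp profile refuses `unshare`, it reports `unsupported` with the errno rather than failing half-confined.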