The SELinux Sandbox and small utility programs
Posted May 27, 2009 15:23 UTC (Wed) by davecb
In reply to: Walsh: Introducing the SELinux Sandbox
Parent article: Walsh: Introducing the SELinux Sandbox
Back in the days of mainframes, you specified
the files or other resources a program was going
to need in a "job control" language (JCL).
If one collects and saves the JCL for all sorts
of programs, we can then use SE Linux policies
to limit them to only using the resources they
need, making attacks by subverting programs
much more difficult. Now an attacker needs to
not only modify the program, but also change an
SE Linux policy.