I think that you misunderstood my suggestion that started this thread, on which I was following up...
There would be no other human users in my container in the mail group to have to shield from. Every Linux user in the container would be a user owned and managed by one and only one human user, and would be used for the purpose of running applications by that same human user with different privileges.
Servers, such as the real mail server in this case, would be run by an admin in a completely separate container or on the host... likely served up via IMAP. They would not run in a human user's container and have to share Linux user groups with it (but it could be set up that way too; it's just more complicated for the reasons you described).