Useful sandboxing for privilege separation
Posted Jan 27, 2005 16:01 UTC (Thu) by MathFox (guest, #6104)
In reply to: Useful sandboxing for privilege separation by hmh
Parent article: Securely renting out your CPU with Linux
What you are talking about are actually "process-based access controls" that implement a security policy on a per-process basis.
I do think that it is great to have something like that in the kernel, but the present patch is a bit crude. (Can it run an embedded Acrobat Reader in a browser-controlled sandbox?) We'll need some discussion about the design and desired functionality.
