
Walsh: Introducing the SELinux Sandbox

Posted May 27, 2009 7:26 UTC (Wed) by Cyberax (✭ supporter ✭, #52523)
Parent article: Walsh: Introducing the SELinux Sandbox

You mean like this: "changehat some_restricted_profile cat /etc/passwd" ?

It was supported in AppArmor for _ages_.


Walsh: Introducing the SELinux Sandbox

Posted May 27, 2009 18:24 UTC (Wed) by talex (guest, #19139)

Which package is this command in?

I've got apparmor-utils 2.3+1289-0ubuntu14 but it doesn't seem to be there.

But the really important thing is to have a suitable sandbox policy installed by default so that applications can use it automatically, without having to get root access first to install the policy. This would probably remove the need for plash to be setuid root too.

One of the things I'd like to use it for would be sandboxing archive extraction. In Zero Install, we unpack downloaded archives and then check the contents against a digest, so it would be really useful to sandbox the extraction process to guard against malicious packages trying to exploit flaws in tar, etc.

Walsh: Introducing the SELinux Sandbox

Posted May 28, 2009 0:11 UTC (Thu) by jamesmrh (guest, #31622)

Changing the security context when launching an app has always also been part of SELinux (e.g. 'runcon'). This is a specific system for sandboxing an application so it has no privileges except via the FDs passed to it by the caller.
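
Added example, not part of any comment above and not code from SELinux, AppArmor or Zero Install: a Python sketch of the calling pattern the last two comments describe, where the caller opens the archive and the unpacking worker only ever touches the descriptors it inherits (stdin and stdout), after which the caller checks a digest. The manifest format, the function names and the `wrapper` hook (where a confinement command such as `sandbox` would be prefixed) are assumptions; without such a wrapper nothing here enforces the restriction.

```python
import hashlib, io, subprocess, sys, tarfile, tempfile

# Worker source: reads a tar stream on fd 0 and writes "<sha256> <name>" lines
# to fd 1. It never opens a path and never writes to disk.
WORKER = r'''
import hashlib, sys, tarfile
with tarfile.open(fileobj=sys.stdin.buffer, mode="r|") as tar:
    for m in tar:
        if m.isfile():
            h = hashlib.sha256(tar.extractfile(m).read()).hexdigest()
            sys.stdout.buffer.write(f"{h} {m.name}\n".encode("utf-8", "surrogateescape"))
'''

def manifest_digest(archive_path, wrapper=()):
    """Digest of the worker's manifest for the archive at archive_path.

    wrapper is an optional command prefix for a confinement tool (assumption:
    for example ("sandbox",) on a host with the SELinux sandbox; not run here).
    """
    # The caller opens the archive; the worker only inherits the descriptors.
    with open(archive_path, "rb") as src, tempfile.TemporaryDirectory() as empty:
        proc = subprocess.run([*wrapper, sys.executable, "-I", "-c", WORKER],
                              stdin=src, stdout=subprocess.PIPE, cwd=empty,
                              close_fds=True, check=True, timeout=30)
    return hashlib.sha256(proc.stdout).hexdigest()

def make_sample_archive(path, files):
    """Write a constructed tar archive (sample input for this example)."""
    with tarfile.open(path, "w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))

def expected_digest(files):
    """The digest a publisher would ship, computed from known-good contents."""
    lines = "".join(f"{hashlib.sha256(d).hexdigest()} {n}\n" for n, d in files.items())
    return hashlib.sha256(lines.encode()).hexdigest()

if __name__ == "__main__":
    good = {"README": b"hello\n", "bin/tool": b"#!/bin/sh\necho ok\n"}  # constructed
    with tempfile.NamedTemporaryFile(suffix=".tar") as tmp:
        make_sample_archive(tmp.name, good)
        print("match:", manifest_digest(tmp.name) == expected_digest(good))
```

Because the worker needs no path access at all, a policy that grants only the inherited descriptors is sufficient for it, and a parser flaw triggered by a hostile archive has nothing else to reach.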

