Walsh: Introducing the SELinux Sandbox
Walsh: Introducing the SELinux Sandbox
Posted May 28, 2009 0:11 UTC (Thu) by jamesmrh (guest, #31622)In reply to: Walsh: Introducing the SELinux Sandbox by Cyberax
Parent article: Walsh: Introducing the SELinux Sandbox
Changing the security context when launching an app has always also been part of SELinux (e.g. 'runcon'). This is a specific system for sandboxing an application so it has no privileges except via the FDs passed to it by the caller.