Walsh: Introducing the SELinux Sandbox
Posted May 28, 2009 12:37 UTC (Thu) by nix (subscriber, #2304)
In reply to: Walsh: Introducing the SELinux Sandbox by epa
Parent article: Walsh: Introducing the SELinux Sandbox
Yes indeed. Long ago in the mid-1990s I had a pile of fugly sudoed shell scripts on Solaris that did exactly this: users could create and remove subusers that belonged to them, transfer files into those users and get them back afterwards. It was stymied by several things: lack of kernel support for 'subusers' (i.e. I wanted to express that user A could access all files belonging to user subA but not vice versa); and the fact that it was written in the shell, which meant I was never really confident that it wasn't actually adding security problems.
I should do it again, probably with help from PAM and/or userv this time to do the privileged gruntwork.
