Walsh: Cool things with SELinux... Introducing sandbox -X
Walsh: Cool things with SELinux... Introducing sandbox -X
Posted Sep 22, 2009 18:38 UTC (Tue) by martinfick (subscriber, #4455)In reply to: Walsh: Cool things with SELinux... Introducing sandbox -X by salimma
Parent article: Walsh: Cool things with SELinux... Introducing sandbox -X
I think that you misunderstood my suggestion that started this thread, on which I was following up...
There would be no other human users in my container in the mail group to have to shield from. Every linux user in the container would be a user owned and managed by one and only one human user, and would be used for the purposes of running applications by the same human user with different privileges.
Servers, such as the real mail server in this case, would be run by an admin in a completely separate container or on the host... likely served up via imap. They would not run in a human user container and have to share linux user-groups with it (but it could be setup that way too, it's just more complicated for the reasons you described).