Re: SELinux

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


Hash: SHA1

On 01/20/2011 05:12 PM, Jorge Fábregas wrote:
> On 01/20/2011 05:23 PM, Daniel J Walsh wrote:
>> yum install policycoreutils-sandbox
> Shouldn't this package be a dependency of the package
> policycoreutils-python (owner of sandbox)?
> --
> Jorge
There are two types of sandboxes.  You can run the sandbox command
without the -X and it runs in "script mode".  In this mode it allows the
application executed within the sandbox to read/write all file
descriptors passed in, but is not allowed to open any content.

cat untrusted.doc | sandbox > /tmp/trusted.doc

For example would only allow to read untrusted.doc, and write
trusted.doc.  If attempted to write to ~/.ssh/secrets SELinux
would block the access.  If it attempted to write anywhere or to open
any files other then system files it would be blocked.

sandbox -X

on the other hand, attempts to create a desktop sandbox, and requires X
and lots of other functionality.  So we ship the python script sandbox
in policycoreutils-python, so it can be used on server only
environments, while if you want to run sandbox -X you need to install
policycoreutils-sandbox which will require X.
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora -

users mailing list
[email protected]
To unsubscribe or change subscription options:

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux