-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 01/20/2011 05:12 PM, Jorge Fábregas wrote: > On 01/20/2011 05:23 PM, Daniel J Walsh wrote: >> yum install policycoreutils-sandbox > > Shouldn't this package be a dependency of the package > policycoreutils-python (owner of sandbox)? > > -- > Jorge There are two types of sandboxes. You can run the sandbox command without the -X and it runs in "script mode". In this mode it allows the application executed within the sandbox to read/write all file descriptors passed in, but is not allowed to open any content. cat untrusted.doc | sandbox filter.sh > /tmp/trusted.doc For example would only allow filter.sh to read untrusted.doc, and write trusted.doc. If filter.sh attempted to write to ~/.ssh/secrets SELinux would block the access. If it attempted to write anywhere or to open any files other then system files it would be blocked. sandbox -X on the other hand, attempts to create a desktop sandbox, and requires X and lots of other functionality. So we ship the python script sandbox in policycoreutils-python, so it can be used on server only environments, while if you want to run sandbox -X you need to install policycoreutils-sandbox which will require X. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk05fvUACgkQrlYvE4MpobM41QCgrga1O0pNSGNDxkE4pe0Niec7 b8YAn0X0NLa9icF/Ee6r2681ToGFSayQ =x3Wx -----END PGP SIGNATURE----- -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
