[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/20/2011 05:12 PM, Jorge Fábregas wrote:
> On 01/20/2011 05:23 PM, Daniel J Walsh wrote:
>> yum install policycoreutils-sandbox
> 
> Shouldn't this package be a dependency of the package
> policycoreutils-python (owner of sandbox)?
> 
> --
> Jorge
There are two types of sandboxes.  You can run the sandbox command
without the -X and it runs in "script mode".  In this mode it allows the
application executed within the sandbox to read/write all file
descriptors passed in, but is not allowed to open any content.

cat untrusted.doc | sandbox filter.sh > /tmp/trusted.doc

For example would only allow filter.sh to read untrusted.doc, and write
trusted.doc.  If filter.sh attempted to write to ~/.ssh/secrets SELinux
would block the access.  If it attempted to write anywhere or to open
any files other then system files it would be blocked.

sandbox -X

on the other hand, attempts to create a desktop sandbox, and requires X
and lots of other functionality.  So we ship the python script sandbox
in policycoreutils-python, so it can be used on server only
environments, while if you want to run sandbox -X you need to install
policycoreutils-sandbox which will require X.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk05fvUACgkQrlYvE4MpobM41QCgrga1O0pNSGNDxkE4pe0Niec7
b8YAn0X0NLa9icF/Ee6r2681ToGFSayQ
=x3Wx
-----END PGP SIGNATURE-----
-- 
users mailing list
[email protected]
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines



[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]
  Powered by Linux