Toward robust Linux sandbox

Sandboxing means running a program in a closed environment (such as no permission to open new files, no or restricted network access, etc.) in order to protect from malicious or erroneous software. In Fedora Linux there is `policycoreutils` package which contains bin/sandbox based on SELinux. This sandbox is not perfect however. So in this post I will describe some proposed updates and implementation considerations to … Continue reading Toward robust Linux sandbox