Scientific Linux SELinux sandbox

Discussion in 'all things UNIX' started by Ocky, Mar 12, 2012.

Thread Status:
Not open for further replies.
  1. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,677
    Location:
    George, S.Africa
    Further to my post here I can now confirm that the -w flag (screen res.) now works perfectly.

    Bare bones:-

    sandbox -X -t sandbox_web_t -w 1440x900 firefox

    Allows saving downloads to ~/myweb:-

    sandbox -X -T /tmp/myweb -H ~/myweb -t sandbox_web_t -w 1440x900 firefox

    With -i flag copies profile to sandbox - no saving downloads:-

    sandbox -X -t sandbox_web_t -i /home/myself/.mozilla -w 1440x900 firefox

    Allows saving downloads with -i flag:- (without -w flag)

    sandbox -X -T /tmp/myweb -H ~/myweb -t sandbox_web_t -i /home/myself/.mozilla firefox

    Saving downloads with gftp:- (Another example, without -w flag)

    sandbox -X -T /tmp/myweb -H ~/myweb -t sandbox_web_t gftp
     
  2. x942

    x942 Guest

    Been using this on Fedora :thumb: Thanks for the tips!

    Does anyone know how secure this is? Compared with Sandboxie on Windows or even a VM? I was using Fedora's built-in hypervisor to run other distros; it seems to run them faster than VBox does. The idea of running each application in its own sandbox is more attractive though.
     
  3. mack_guy911

    mack_guy911 Registered Member

    Joined:
    Mar 21, 2007
    Posts:
    2,677
    I guess a live CD would be a better option for wild surfing ;)

    The rest (VM/sandbox) is too much, but in case you like them, both are good,

    as long as there is no screen capture spyware/rootkit in your original system; if so, it's a problem. I don't know of any of that kind that exist on Linux, but you never know ;)


    https://www.wilderssecurity.com/showthread.php?t=319831
     
  4. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    There are rootkits for linux.
     
  5. linuxforall

    linuxforall Registered Member

    Joined:
    Feb 6, 2010
    Posts:
    2,136
    Running hundreds of Linux installations in various environments, mostly Ubuntu, and yet to get a single rootkit on one of them. On my Windows installs, it used to be a different story.
     
  6. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,677
    Location:
    George, S.Africa
    That is factually correct :) You can run rkhunter till the cows come home and still won't be rewarded with a rootkit detection, same applies to running an anti-virus.
     
  7. mack_guy911

    mack_guy911 Registered Member

    Joined:
    Mar 21, 2007
    Posts:
    2,677

    Sorry, I mixed that up. Agreed, rootkits are there in Linux, but I have never seen a rootkit/trojan in Linux which creates snapshots and sends them to its owner. Maybe there are, but I never heard of any ;)
     
  8. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I mean, it's a fact that they exist - they've shown up in the past. No one here has run into one because Linux users don't get attacked, Linux servers do.
     
  9. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    Relative to other operating systems, what's the message you want to get across? For desktop users? For those in charge of servers?
     
  10. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Someone said "I don't know of any that exist." I said "they exist."

    It seems fairly self explanatory.
     