Discussion in 'all things UNIX' started by Gullible Jones, Jun 7, 2014.

Thread Status:
Not open for further replies.
  1. Gullible Jones

    Gullible Jones Registered Member

    May 16, 2013
    I mean the mandatory access control system:

    I'm experimenting with it but getting nowhere fast at the moment. It may be simple, but not enough to make up for the lack of examples in the documentation. OTOH I like that it doesn't need userspace support, is in the mainline kernel, and appears to be finer grained than AppArmor.

    Are there any decent examples of sandboxing an internet facing program with this MAC system? Any way to do it without having to apply dodgy xattr labels to binaries, or is that its whole schtick?
Thread Status:
Not open for further replies.