SMACK!

Discussion in 'all things UNIX' started by Gullible Jones, Jun 7, 2014.

Thread Status:
Not open for further replies.
  1. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,466
    I mean the mandatory access control system:
    http://schaufler-ca.com/

    I'm experimenting with it but getting nowhere fast at the moment. It may be simple, but not enough to make up for the lack of examples in the documentation. OTOH I like that it doesn't need userspace support, is in the mainline kernel, and appears to be finer grained than AppArmor.

    Are there any decent examples of sandboxing an internet facing program with this MAC system? Any way to do it without having to apply dodgy xattr labels to binaries, or is that its whole schtick?
     
    Gullible Jones, Jun 7, 2014
    #1
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...