Introducing the SELinux Sandbox

Short Talk
Scheduled: Thursday, September 24, 2009 from 10:35 – 11:00am in Salon E


We have introduced the concept of the general purpose sandbox using SELinux.


Fedora 11 introduced the concept of the General purpose sandbox. The idea is you can run processes within the sandbox that work on untrusted data or even the tools is untrusted and guarantee that the tools has access to only Stdin and STDOUT and very little of the system. We also plan to demonstrate the SELinux Xwindows Sabdbox at this time.


SELinux, security, sandbox


  • Dwalsh_redhat

    Daniel Walsh

    Red Hat


    Daniel Walsh has worked in the computer security field for over 25 years. Dan joined Red Hat in August 2001. He has led the SELinux project, concentrating on the application space and policy development. Previously, Dan worked on Netect/Bindview on HackerShield and BVControl for Unix, Vulnerability Assessment Products. Prior to this Dan worked for Digital Equipment Corporation on the Athena Project along with designing and developing the AltaVista Firewall and AltaVista Tunnel (VPN) Products. Dan has a BA in Mathematics from the College of the Holy Cross and a MS in Computer Science from Worcester Polytechnic Institute.

Leave a private comment to organizers about this proposal