Introducing the SELinux Sandbox*
We have introduced the concept of the general purpose sandbox using SELinux.
Fedora 11 introduced the concept of the General purpose sandbox. The idea is you can run processes within the sandbox that work on untrusted data or even the tools is untrusted and guarantee that the tools has access to only Stdin and STDOUT and very little of the system. We also plan to demonstrate the SELinux Xwindows Sabdbox at this time.
SELinux, security, sandbox
Daniel Walsh has worked in the computer security field for over 25 years. Dan joined Red Hat in August 2001. He has led the SELinux project, concentrating on the application space and policy development. Previously, Dan worked on Netect/Bindview on HackerShield and BVControl for Unix, Vulnerability Assessment Products. Prior to this Dan worked for Digital Equipment Corporation on the Athena Project along with designing and developing the AltaVista Firewall and AltaVista Tunnel (VPN) Products. Dan has a BA in Mathematics from the College of the Holy Cross and a MS in Computer Science from Worcester Polytechnic Institute.