On Sun, 2005-03-20 at 18:47 -0500, Gregory Maxwell wrote: > On Sun, 20 Mar 2005 23:29:12 +0000, Mike Hearn <mike@xxxxxxx> wrote: > > Right. Actually I have a prototype SELinux "quarantine zone" policy file > > open in emacs right now. I've been writing a packaging/installer system > > for a while and the spyware question is common enough to be in the FAQ: > > What would be neat is for somone to make a version of GLIBC that can > live inside a seccomp jail, a little loader that can prelink an > executable with that glibc and put it in the jail, and an interface > that lets you "yes / no" syscalls. :) Prompting the user for access control decisions at the level of system calls is not useful unless your target audience is solely "Linux kernel developer"; i.e. .01% of Fedora users at best. Even at a much higher level you have to assume that if you prompt for this kind of stuff, 50% of the time they're going to get it wrong.