* James Morris <jmorris@xxxxxxxxx> wrote:

> On Mon, 16 May 2011, Ingo Molnar wrote:
>
> > > Not really.
> > >
> > > Firstly, what is the security goal of these restrictions? [...]
> >
> > To do what i described above? Namely:
> >
> > " Sandboxed code should only be allowed to open files in /home/sandbox/, /lib/
> > and /usr/lib/ "
>
> These are access rules, they don't really describe a high-level security
> goal. [...]

Restricting sandboxed code to only open files within a given VFS namespace
boundary sure sounds like a high-level security goal to me.

If implemented and set up correctly then it restricts sandboxed code to only
be able to open files reachable via that VFS sub-namespace.

That is a rather meaningful high-level concept. What higher level concept do
you want to argue?

> [...] How do you know it's ok to open everything in these directories? How
> do you know it's ok to open /etc/hosts?

The sysadmin has configured the system that way.

How do you know that it's ok for sandboxed code to open files in
/home/sandbox/?

The sandbox developer has configured the system that way.

I'm not sure I get your point.

Thanks,

	Ingo