On Tue, 17 May 2011, Ingo Molnar wrote: > I'm not sure i get your point. Your example was not complete as described. After an apparently simple specification, you've since added several qualifiers and assumptions, and I still doubt that it's complete. A higher level goal would look like "Allow a sandbox app access only to approved resources, to contain the effects of flaws in the app", or similar. Note that this includes a threat model (remote attacker taking control of the app) and a general and fully stated strategy for dealing with it. >From there, you can start to analyze how to implement the goal, at which point you'd start thinking about configuration, assumptions, filesystem access, namespaces, indirect access (e.g. via sockets, rpc, ipc, shared memory, invocation). Anyway, this is getting off track from the main discussion, but you asked... - James -- James Morris <jmorris@xxxxxxxxx>
