09.01.2014, 18:39, "Victor Porton" <porton@xxxxxxxx>: > I remind that sandbox is implemented in Fedora using SELinux. > > It would be useful to restrict sandboxed application to connect only to one, programmatically specified Internet domain (just like Java and JavaScript security). > > It seems it is impossible with current SELinux. > > Could you add necessary features? Please! You could add a syscall like: int selinux_restrict_domain(const char *domain); (We could modify this interface to restrict to a finite list of domains instead of one domain, but personally I don't need this.) -- Victor Porton - http://portonvictor.org _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
