All of lore.kernel.org
 help / color / mirror / Atom feed
From: Cristian Ariza <cariza@collaborative.li>
To: Stephen Smalley <stephen.smalley.work@gmail.com>,
	Petr Lautrbach <plautrba@redhat.com>,
	Ondrej Mosnacek <omosnace@redhat.com>
Cc: SElinux list <selinux@vger.kernel.org>
Subject: Re: No window opening when running sandbox -S
Date: Tue, 9 Jun 2020 15:05:06 +0100	[thread overview]
Message-ID: <e99ea6cf-8970-057a-4dad-1d9c5d973ba1@collaborative.li> (raw)
In-Reply-To: <CAEjxPJ4Rw-B00FWjpTL3dWLwJ8daqy6NH_7su-EtAXYky8caQA@mail.gmail.com>

On 09/06/2020 14:02, Stephen Smalley wrote:
> You are using sandbox as packaged by Fedora in
> policycoreutils-sandbox?  If so, please file a bug against their
> package.

Just tested the version on the selinux repo and works. Will report to 
Fedora. Thanks.

> To be honest, I don't use sandbox myself and I am not sure it is being
> very well maintained these days.  It was originally created by Red
> Hat.
> It seems like it has been OBE by other efforts to sandbox apps on
> Linux e.g. flatpak or snaps although I don't know that any of those
> are leveraging SELinux.  I'd be tempted to remove it upstream unless
> it is getting proper care and feeding.

I have been fiddling with a few alternatives for sandboxing apps but I 
haven't really found anything that comes close. Probably the best I've 
seen is firejail and its defaults are not too good (too permissive IMO). 
It's a shame if it's not being maintained.


  reply	other threads:[~2020-06-09 14:05 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-06-09  7:53 No window opening when running sandbox -S Cristian Ariza
2020-06-09 13:02 ` Stephen Smalley
2020-06-09 14:05   ` Cristian Ariza [this message]
2020-06-09 15:04     ` Topi Miettinen
2020-06-09 16:05       ` Cristian Ariza
2020-06-09 17:07   ` Petr Lautrbach
2020-06-09 17:17     ` Cristian Ariza
2020-06-09 18:03       ` Petr Lautrbach

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=e99ea6cf-8970-057a-4dad-1d9c5d973ba1@collaborative.li \
    --to=cariza@collaborative.li \
    --cc=omosnace@redhat.com \
    --cc=plautrba@redhat.com \
    --cc=selinux@vger.kernel.org \
    --cc=stephen.smalley.work@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.