#sandboxing

boredsquirrel:
@opensuse
Do you plan on doing more #SELinux hardening than #Fedora does?
Because how it is, SELinux on Fedora just makes #run0 a pain to use, while user processes are all unconfined, making it pretty pointless.
Or do you plan on making it user friendly?
There are many issues with #Flatpak that should be addressed. Alternatively, #UID #Sandboxing using #SimpleSandbox and SELinux could be used, which is way simpler and more secure, but relies on native packages.
https://wiki.gentoo.org/wiki/Simple_sandbox

st1nger 🏴‍☠️:
#Syd is a rock-solid application #kernel to sandbox applications on Linux>=5.19. Syd is similar to Bubblewrap, Firejail, gVisor, and minijail. As an application kernel it implements a subset of the Linux kernel interface in user space, intercepting system calls to provide strong isolation without the overhead of full virtualization. Syd is secure by default, and intends to provide a simple interface over various intricate #Linux #sandboxing mechanisms such as Landlock, Namespaces, Ptrace, and Seccomp-{BPF,Notify}.
https://gitlab.exherbo.org/sydbox/sydbox

boredsquirrel:
@mozillaofficial
Finally! This will allow better process #sandboxing, and make the #flatpak and #android app finally an option?
https://bugzilla.mozilla.org/show_bug.cgi?id=1756236
https://bugzilla.mozilla.org/show_bug.cgi?id=1565196
#security #firefox #sandbox #linux

boredsquirrel:
@kde@floss.social @kde@lemmy.kde.social
Can you tell us what happens on the "sandbox all the things" goal?
I think this is a pretty crucial step forward, even though #sandbox technologies (most often through user namespaces) are more problematic than I initially thought.
(Basically, user #namespaces open up #privesc dangers to the monolithic #kernel, which is incredible. #Android and #ChromeOS use #LXC, mounts and #SELinux for #sandboxing)

Kevin Karhan:
@mit_scharf @lamp #jar files are #portable but in terms of #sandboxing I'm wary as that *is an option* but few JREs implement it properly as it would often get in the way.
#Android with #Dalvik kinda did it...

Kevin Karhan:
@lamp Also that isn't *that* portable, or as portable as #BSDjails, #bhyve and other #sandboxing options...