SlideShare a Scribd company logo

Secure and Simple Sandboxing in SELinux

J
James Morris

Overview and technical description of SELinux sandboxing, including basic command line use and desktop integration via a nested X server.

Technology
1 of 22
Download to read offline
Secure and Simple Sandboxing in SELinux James Morris jmorris@namei.org FOSS.my 2009 Kuala Lumpur, Malaysia
Overview ● Sandboxing ● SELinux ● Sandbox design and implementation ● Use examples ● Status and future directions
Sandboxing ● Many types of sandbox ● Basic concept is to isolate code ● Process arbitrary input ● Run third party code ● Contain vulnerabilities ● For this talk: process-level sandbox
Existing Sandboxes ● Chroot, seccomp, ptrace etc., all problematic ● New design: setuid sandbox (Evans/Tiennes) ● Don't utilize MAC facilities (SELinux, Smack) ● Typically based around restricting ambient privilege
Sandboxing with MAC ● Utilize MAC (mandatory access control) to enhance sandboxing ● Layered approach: ● Process-level isolation (MMU) ● DAC separation (e.g. privsep, UID allocator) ● Namespaces / chroot etc. ● MAC isolation policy
Reduce Ambient Authority ● Security can be simplified by reducing ambient auhority. ● Consider: ● wc file.txt – wc needs general read permission for the system & uses this 'ambient' authority to open file. ● cat file.txt | wc – cat opens the file and passes open fd to wc, bundling the object and authority together. Specific authority is delegated and wc now needs no permissions to access filesystem!
Usability ● Combining MAC policy with fd passing is conceptually simple for users: the latter follows standard Unix use conventions. ● Does not require policy administration ● Simple supplied policy which strongly isolates sandboxed apps ● Zero config ● High level abstraction: ● Simply run apps via a sandbox launcher ● Kiosk mode, sVirt etc. are similar approaches
SELinux Implementation ● New sandbox label added to policy ● Has no general permissions, only those absolutely required to execute (e.g. load shared libraries, which can be further locked down if desired) ● sandbox launcher causes app to be executed with this label; I/O happens via fd ● Unique MCS label assigned to each instance for MAC isolation (cf. UID allocation – both could be used) ● Sets up home & tmp dirs; copies in specified files; cleans up at exit
/usr/bin/sandbox ● Creates temporary sandbox directory ● Copies in specified files ● Sets up security labeling ● Executes specified application in sandbox ● Cleanup at exit
Basic Use $ /usr/bin/id -Z unconfined_t:c0.c1023 $ sandbox /usr/bin/id -Z sandbox_t:c533,c903 ● sandbox_t -- broad MAC policy for all sandboxes, isolate them from wider system ● c533,c903 -- unique MCS label to separate sandboxes from each other (actual value does not matter, just needs to be unique)
Demonstration $ touch /tmp/foo1 $ sandbox touch /tmp/foo2 /bin/touch: cannot touch `/tmp/foo2': Permission denied
Demonstration $ sandbox cat /proc/$$/maps /bin/cat: /proc/3034/maps: Permission denied
Advanced Uses ● Processing pipelines: ● Scanning mail for viruses, spam etc.; run each stage in a sandbox ● Packet dissectors, etc. ● Web application framework ● e.g. XSLT rendering, CGI handling ● Any case where a separate process can be launched and use fd for I/O
Desktop Security ● Difficult to sandbox desktop apps because of environment (X, GNOME, DBus etc.) ● complicated ● Sandbox X: ● Launch sandboxed applications in nested X server: simple and effective! ● Extends basic sandbox utility:
/usr/sbin/seunshare ● setuid program: ● unshare(2) – dissasociates mount namespace ● bind mounts new $HOME and /tmp dirs ● calls setexeccon to set security label ● drops all capabilities ● calls sandboxX.sh
/usr/share/sandbox/sandboxX.sh ● Configures X environment ● Launches Xephyr nested X server ● runs matchbox window manager ● runs specified application ● everything runs with sandbox security label ● cleans up at exit ● Some limitations (currently): ● Cannot resize window ● No copy/paste
Current status ● SELinux Sandbox will be in Fedora 12 ● Currently available in rawhide
Demo
Future Directions ● Continued high-level integration, e.g. make it easy to run sandboxed web browsers ● Interaction issues to resolve, e.g. ask user to save changed data when exiting sandbox? ● Integration with XACE window labeling, hardware security etc. ● Use sandboxing to restrict administrative privilege
What we really need most... ● A standardized high-level API ● Developers / ISVs currently roll their own security or just give up ● Difficult, but can be done
Resources ● Dan Walsh's blog ● danwalsh.livejournal.com ● Dan Walsh's LPC talk ● http://video.linuxfoundation.org/video/1565 ● Dan Walsh's email address & cell phone ● dwalsh@redhat.com ● +1 212-555-4240

Recommended

Linux Kernel Security: Adapting 1960s Technology to Meet 21st Century Threats
Linux Kernel Security: Adapting 1960s Technology to Meet 21st Century ThreatsLinux Kernel Security: Adapting 1960s Technology to Meet 21st Century Threats
Linux Kernel Security: Adapting 1960s Technology to Meet 21st Century ThreatsJames Morris
 
Linux Kernel Security Overview - KCA 2009
Linux Kernel Security Overview - KCA 2009Linux Kernel Security Overview - KCA 2009
Linux Kernel Security Overview - KCA 2009James Morris
 
Directions in SELinux Networking
Directions in SELinux NetworkingDirections in SELinux Networking
Directions in SELinux NetworkingJames Morris
 
Have You Driven an SELinux Lately? - An Update on the SELinux Project - OLS ...
Have You Driven an SELinux Lately? - An Update on the SELinux Project - OLS ...Have You Driven an SELinux Lately? - An Update on the SELinux Project - OLS ...
Have You Driven an SELinux Lately? - An Update on the SELinux Project - OLS ...James Morris
 
Kernel Recipes 2013 - Linux Security Modules: different formal concepts
Kernel Recipes 2013 - Linux Security Modules: different formal conceptsKernel Recipes 2013 - Linux Security Modules: different formal concepts
Kernel Recipes 2013 - Linux Security Modules: different formal conceptsAnne Nicolas
 
Security of Linux containers in the cloud
Security of Linux containers in the cloudSecurity of Linux containers in the cloud
Security of Linux containers in the cloudDobrica Pavlinušić
 
Linux Security Overview
Linux Security OverviewLinux Security Overview
Linux Security OverviewKernel TLV
 
XPDS16: XSM-Flask, current limitations and Ongoing work. - Anshul Makkar, Ct...
XPDS16: XSM-Flask, current limitations and Ongoing work. - Anshul Makkar, Ct...XPDS16: XSM-Flask, current limitations and Ongoing work. - Anshul Makkar, Ct...
XPDS16: XSM-Flask, current limitations and Ongoing work. - Anshul Makkar, Ct...The Linux Foundation
 

Recommended

Linux Kernel Security: Adapting 1960s Technology to Meet 21st Century Threats
Linux Kernel Security: Adapting 1960s Technology to Meet 21st Century ThreatsLinux Kernel Security: Adapting 1960s Technology to Meet 21st Century Threats
Linux Kernel Security: Adapting 1960s Technology to Meet 21st Century ThreatsJames Morris
 
Linux Kernel Security Overview - KCA 2009
Linux Kernel Security Overview - KCA 2009Linux Kernel Security Overview - KCA 2009
Linux Kernel Security Overview - KCA 2009James Morris
 
Directions in SELinux Networking
Directions in SELinux NetworkingDirections in SELinux Networking
Directions in SELinux NetworkingJames Morris
 
Have You Driven an SELinux Lately? - An Update on the SELinux Project - OLS ...
Have You Driven an SELinux Lately? - An Update on the SELinux Project - OLS ...Have You Driven an SELinux Lately? - An Update on the SELinux Project - OLS ...
Have You Driven an SELinux Lately? - An Update on the SELinux Project - OLS ...James Morris
 
Kernel Recipes 2013 - Linux Security Modules: different formal concepts
Kernel Recipes 2013 - Linux Security Modules: different formal conceptsKernel Recipes 2013 - Linux Security Modules: different formal concepts
Kernel Recipes 2013 - Linux Security Modules: different formal conceptsAnne Nicolas
 
Security of Linux containers in the cloud
Security of Linux containers in the cloudSecurity of Linux containers in the cloud
Security of Linux containers in the cloudDobrica Pavlinušić
 
Linux Security Overview
Linux Security OverviewLinux Security Overview
Linux Security OverviewKernel TLV
 
XPDS16: XSM-Flask, current limitations and Ongoing work. - Anshul Makkar, Ct...
XPDS16: XSM-Flask, current limitations and Ongoing work. - Anshul Makkar, Ct...XPDS16: XSM-Flask, current limitations and Ongoing work. - Anshul Makkar, Ct...
XPDS16: XSM-Flask, current limitations and Ongoing work. - Anshul Makkar, Ct...The Linux Foundation
 
How Many Linux Security Layers Are Enough?
How Many Linux Security Layers Are Enough?How Many Linux Security Layers Are Enough?
How Many Linux Security Layers Are Enough?Michael Boelen
 
Qubes os presentation_to_clug_20150727
Qubes os presentation_to_clug_20150727Qubes os presentation_to_clug_20150727
Qubes os presentation_to_clug_20150727csirac2
 
FreeBSD is not Linux
FreeBSD is not LinuxFreeBSD is not Linux
FreeBSD is not LinuxMuhammad Moinur Rahman
 
FreeBSD and Hardening Web Server
FreeBSD and Hardening Web ServerFreeBSD and Hardening Web Server
FreeBSD and Hardening Web ServerMuhammad Moinur Rahman
 
final proposal-Xen based Hypervisor in a Box
final proposal-Xen based Hypervisor in a Boxfinal proposal-Xen based Hypervisor in a Box
final proposal-Xen based Hypervisor in a BoxParamkusham Shruthi
 
SANS Purple Team Summit 2021: Active Directory Purple Team Playbooks
SANS Purple Team Summit 2021: Active Directory Purple Team PlaybooksSANS Purple Team Summit 2021: Active Directory Purple Team Playbooks
SANS Purple Team Summit 2021: Active Directory Purple Team PlaybooksMauricio Velazco
 
XPDS16: The OpenXT Project in 2016 - Christopher Clark, BAE Systems
XPDS16: The OpenXT Project in 2016 - Christopher Clark, BAE SystemsXPDS16: The OpenXT Project in 2016 - Christopher Clark, BAE Systems
XPDS16: The OpenXT Project in 2016 - Christopher Clark, BAE SystemsThe Linux Foundation
 
Docker Container Security - A Network View
Docker Container Security - A Network ViewDocker Container Security - A Network View
Docker Container Security - A Network ViewNeuVector
 
Stop disabling SELinux!
Stop disabling SELinux!Stop disabling SELinux!
Stop disabling SELinux!Maciej Lasyk
 
Scale 12x Securing Your Cloud with The Xen Hypervisor
Scale 12x Securing Your Cloud with The Xen HypervisorScale 12x Securing Your Cloud with The Xen Hypervisor
Scale 12x Securing Your Cloud with The Xen HypervisorThe Linux Foundation
 
Virtual Machine Introspection in a Hyberid Honeypot Architecture
Virtual Machine Introspection in a Hyberid Honeypot ArchitectureVirtual Machine Introspection in a Hyberid Honeypot Architecture
Virtual Machine Introspection in a Hyberid Honeypot ArchitectureTamas K Lengyel
 
Security, Hack1ng and Hardening on Linux - an Overview
Security, Hack1ng and Hardening on Linux - an OverviewSecurity, Hack1ng and Hardening on Linux - an Overview
Security, Hack1ng and Hardening on Linux - an OverviewKaiwan Billimoria
 
Container Security Mmanagement
Container Security MmanagementContainer Security Mmanagement
Container Security MmanagementSuresh Thivanka Rupasinghe
 
Container Security Deep Dive & Kubernetes
Container Security Deep Dive & Kubernetes Container Security Deep Dive & Kubernetes
Container Security Deep Dive & Kubernetes Aqua Security
 
Container security
Container securityContainer security
Container securityAnthony Chow
 
Introduction To SELinux
Introduction To SELinuxIntroduction To SELinux
Introduction To SELinuxRene Cunningham
 
Linux Security, from Concept to Tooling
Linux Security, from Concept to ToolingLinux Security, from Concept to Tooling
Linux Security, from Concept to ToolingMichael Boelen
 
Docker security: Rolling out Trust in your container
Docker security: Rolling out Trust in your containerDocker security: Rolling out Trust in your container
Docker security: Rolling out Trust in your containerRonak Kogta
 
Malware Collection and Analysis via Hardware Virtualization
Malware Collection and Analysis via Hardware VirtualizationMalware Collection and Analysis via Hardware Virtualization
Malware Collection and Analysis via Hardware VirtualizationTamas K Lengyel
 
5 Ways to Secure Your Containers for Docker and Beyond
5 Ways to Secure Your Containers for Docker and Beyond5 Ways to Secure Your Containers for Docker and Beyond
5 Ways to Secure Your Containers for Docker and BeyondBlack Duck by Synopsys
 
Sandboxing in .NET CLR
Sandboxing in .NET CLRSandboxing in .NET CLR
Sandboxing in .NET CLRMikhail Shcherbakov
 
Hack In Paris 2011 - Practical Sandboxing
Hack In Paris 2011 - Practical SandboxingHack In Paris 2011 - Practical Sandboxing
Hack In Paris 2011 - Practical SandboxingTom Keetch
 

More Related Content

What's hot

How Many Linux Security Layers Are Enough?
How Many Linux Security Layers Are Enough?How Many Linux Security Layers Are Enough?
How Many Linux Security Layers Are Enough?Michael Boelen
 
Qubes os presentation_to_clug_20150727
Qubes os presentation_to_clug_20150727Qubes os presentation_to_clug_20150727
Qubes os presentation_to_clug_20150727csirac2
 
final proposal-Xen based Hypervisor in a Box
final proposal-Xen based Hypervisor in a Boxfinal proposal-Xen based Hypervisor in a Box
final proposal-Xen based Hypervisor in a BoxParamkusham Shruthi
 
SANS Purple Team Summit 2021: Active Directory Purple Team Playbooks
SANS Purple Team Summit 2021: Active Directory Purple Team PlaybooksSANS Purple Team Summit 2021: Active Directory Purple Team Playbooks
SANS Purple Team Summit 2021: Active Directory Purple Team PlaybooksMauricio Velazco
 
XPDS16: The OpenXT Project in 2016 - Christopher Clark, BAE Systems
XPDS16: The OpenXT Project in 2016 - Christopher Clark, BAE SystemsXPDS16: The OpenXT Project in 2016 - Christopher Clark, BAE Systems
XPDS16: The OpenXT Project in 2016 - Christopher Clark, BAE SystemsThe Linux Foundation
 
Docker Container Security - A Network View
Docker Container Security - A Network ViewDocker Container Security - A Network View
Docker Container Security - A Network ViewNeuVector
 
Stop disabling SELinux!
Stop disabling SELinux!Stop disabling SELinux!
Stop disabling SELinux!Maciej Lasyk
 
Scale 12x Securing Your Cloud with The Xen Hypervisor
Scale 12x Securing Your Cloud with The Xen HypervisorScale 12x Securing Your Cloud with The Xen Hypervisor
Scale 12x Securing Your Cloud with The Xen HypervisorThe Linux Foundation
 
Virtual Machine Introspection in a Hyberid Honeypot Architecture
Virtual Machine Introspection in a Hyberid Honeypot ArchitectureVirtual Machine Introspection in a Hyberid Honeypot Architecture
Virtual Machine Introspection in a Hyberid Honeypot ArchitectureTamas K Lengyel
 
Security, Hack1ng and Hardening on Linux - an Overview
Security, Hack1ng and Hardening on Linux - an OverviewSecurity, Hack1ng and Hardening on Linux - an Overview
Security, Hack1ng and Hardening on Linux - an OverviewKaiwan Billimoria
 
Container Security Deep Dive & Kubernetes
Container Security Deep Dive & Kubernetes Container Security Deep Dive & Kubernetes
Container Security Deep Dive & Kubernetes Aqua Security
 
Container security
Container securityContainer security
Container securityAnthony Chow
 
Linux Security, from Concept to Tooling
Linux Security, from Concept to ToolingLinux Security, from Concept to Tooling
Linux Security, from Concept to ToolingMichael Boelen
 
Docker security: Rolling out Trust in your container
Docker security: Rolling out Trust in your containerDocker security: Rolling out Trust in your container
Docker security: Rolling out Trust in your containerRonak Kogta
 
Malware Collection and Analysis via Hardware Virtualization
Malware Collection and Analysis via Hardware VirtualizationMalware Collection and Analysis via Hardware Virtualization
Malware Collection and Analysis via Hardware VirtualizationTamas K Lengyel
 
5 Ways to Secure Your Containers for Docker and Beyond
5 Ways to Secure Your Containers for Docker and Beyond5 Ways to Secure Your Containers for Docker and Beyond
5 Ways to Secure Your Containers for Docker and BeyondBlack Duck by Synopsys
 

What's hot (20)

How Many Linux Security Layers Are Enough?
How Many Linux Security Layers Are Enough?How Many Linux Security Layers Are Enough?
How Many Linux Security Layers Are Enough?
 
Qubes os presentation_to_clug_20150727
Qubes os presentation_to_clug_20150727Qubes os presentation_to_clug_20150727
Qubes os presentation_to_clug_20150727
 
FreeBSD is not Linux
FreeBSD is not LinuxFreeBSD is not Linux
FreeBSD is not Linux
 
FreeBSD and Hardening Web Server
FreeBSD and Hardening Web ServerFreeBSD and Hardening Web Server
FreeBSD and Hardening Web Server
 
final proposal-Xen based Hypervisor in a Box
final proposal-Xen based Hypervisor in a Boxfinal proposal-Xen based Hypervisor in a Box
final proposal-Xen based Hypervisor in a Box
 
SANS Purple Team Summit 2021: Active Directory Purple Team Playbooks
SANS Purple Team Summit 2021: Active Directory Purple Team PlaybooksSANS Purple Team Summit 2021: Active Directory Purple Team Playbooks
SANS Purple Team Summit 2021: Active Directory Purple Team Playbooks
 
XPDS16: The OpenXT Project in 2016 - Christopher Clark, BAE Systems
XPDS16: The OpenXT Project in 2016 - Christopher Clark, BAE SystemsXPDS16: The OpenXT Project in 2016 - Christopher Clark, BAE Systems
XPDS16: The OpenXT Project in 2016 - Christopher Clark, BAE Systems
 
Docker Container Security - A Network View
Docker Container Security - A Network ViewDocker Container Security - A Network View
Docker Container Security - A Network View
 
Stop disabling SELinux!
Stop disabling SELinux!Stop disabling SELinux!
Stop disabling SELinux!
 
Scale 12x Securing Your Cloud with The Xen Hypervisor
Scale 12x Securing Your Cloud with The Xen HypervisorScale 12x Securing Your Cloud with The Xen Hypervisor
Scale 12x Securing Your Cloud with The Xen Hypervisor
 
Virtual Machine Introspection in a Hyberid Honeypot Architecture
Virtual Machine Introspection in a Hyberid Honeypot ArchitectureVirtual Machine Introspection in a Hyberid Honeypot Architecture
Virtual Machine Introspection in a Hyberid Honeypot Architecture
 
Security, Hack1ng and Hardening on Linux - an Overview
Security, Hack1ng and Hardening on Linux - an OverviewSecurity, Hack1ng and Hardening on Linux - an Overview
Security, Hack1ng and Hardening on Linux - an Overview
 
Container Security Mmanagement
Container Security MmanagementContainer Security Mmanagement
Container Security Mmanagement
 
Container Security Deep Dive & Kubernetes
Container Security Deep Dive & Kubernetes Container Security Deep Dive & Kubernetes
Container Security Deep Dive & Kubernetes
 
Container security
Container securityContainer security
Container security
 
Introduction To SELinux
Introduction To SELinuxIntroduction To SELinux
Introduction To SELinux
 
Linux Security, from Concept to Tooling
Linux Security, from Concept to ToolingLinux Security, from Concept to Tooling
Linux Security, from Concept to Tooling
 
Docker security: Rolling out Trust in your container
Docker security: Rolling out Trust in your containerDocker security: Rolling out Trust in your container
Docker security: Rolling out Trust in your container
 
Malware Collection and Analysis via Hardware Virtualization
Malware Collection and Analysis via Hardware VirtualizationMalware Collection and Analysis via Hardware Virtualization
Malware Collection and Analysis via Hardware Virtualization
 
5 Ways to Secure Your Containers for Docker and Beyond
5 Ways to Secure Your Containers for Docker and Beyond5 Ways to Secure Your Containers for Docker and Beyond
5 Ways to Secure Your Containers for Docker and Beyond
 

Viewers also liked

Hack In Paris 2011 - Practical Sandboxing
Hack In Paris 2011 - Practical SandboxingHack In Paris 2011 - Practical Sandboxing
Hack In Paris 2011 - Practical SandboxingTom Keetch
 
File Transfer protocols
File Transfer protocolsFile Transfer protocols
File Transfer protocolsAayushi Pareek
 
Nmap(network mapping)
Nmap(network mapping)Nmap(network mapping)
Nmap(network mapping)SSASIT
 
Content Analysis System and Advanced Threat Protection
Content Analysis System and Advanced Threat ProtectionContent Analysis System and Advanced Threat Protection
Content Analysis System and Advanced Threat ProtectionBlue Coat
 
Advanced Threat Protection - Sandboxing 101
Advanced Threat Protection - Sandboxing 101Advanced Threat Protection - Sandboxing 101
Advanced Threat Protection - Sandboxing 101Blue Coat
 
File transfer protocol
File transfer protocolFile transfer protocol
File transfer protocolMilind Swane
 
Sandbox vs manual malware analysis v1.1
Sandbox vs manual malware analysis v1.1Sandbox vs manual malware analysis v1.1
Sandbox vs manual malware analysis v1.1Michael Gough
 
Remote network monitoring
Remote network monitoringRemote network monitoring
Remote network monitoringyousef emami
 
Nmap not only a port scanner by ravi rajput comexpo security awareness meet
Nmap not only a port scanner by ravi rajput comexpo security awareness meet Nmap not only a port scanner by ravi rajput comexpo security awareness meet
Nmap not only a port scanner by ravi rajput comexpo security awareness meet Ravi Rajput
 
Course on Ehtical Hacking - Introduction
Course on Ehtical Hacking - IntroductionCourse on Ehtical Hacking - Introduction
Course on Ehtical Hacking - IntroductionBharat Thakkar
 
Network scanning
Network scanningNetwork scanning
Network scanningoceanofwebs
 
Hacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning TechniquesHacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning Techniquesamiable_indian
 
Computer Hacking - An Introduction
Computer Hacking - An IntroductionComputer Hacking - An Introduction
Computer Hacking - An IntroductionJayaseelan Vejayon
 

Viewers also liked (20)

Sandboxing in .NET CLR
Sandboxing in .NET CLRSandboxing in .NET CLR
Sandboxing in .NET CLR
 
Hack In Paris 2011 - Practical Sandboxing
Hack In Paris 2011 - Practical SandboxingHack In Paris 2011 - Practical Sandboxing
Hack In Paris 2011 - Practical Sandboxing
 
Ceh v5 module 07 sniffers
Ceh v5 module 07 sniffersCeh v5 module 07 sniffers
Ceh v5 module 07 sniffers
 
File Transfer protocols
File Transfer protocolsFile Transfer protocols
File Transfer protocols
 
Nmap(network mapping)
Nmap(network mapping)Nmap(network mapping)
Nmap(network mapping)
 
Content Analysis System and Advanced Threat Protection
Content Analysis System and Advanced Threat ProtectionContent Analysis System and Advanced Threat Protection
Content Analysis System and Advanced Threat Protection
 
Advanced Threat Protection - Sandboxing 101
Advanced Threat Protection - Sandboxing 101Advanced Threat Protection - Sandboxing 101
Advanced Threat Protection - Sandboxing 101
 
File transfer protocol
File transfer protocolFile transfer protocol
File transfer protocol
 
Sandbox vs manual malware analysis v1.1
Sandbox vs manual malware analysis v1.1Sandbox vs manual malware analysis v1.1
Sandbox vs manual malware analysis v1.1
 
Remote network monitoring
Remote network monitoringRemote network monitoring
Remote network monitoring
 
Nmap not only a port scanner by ravi rajput comexpo security awareness meet
Nmap not only a port scanner by ravi rajput comexpo security awareness meet Nmap not only a port scanner by ravi rajput comexpo security awareness meet
Nmap not only a port scanner by ravi rajput comexpo security awareness meet
 
Course on Ehtical Hacking - Introduction
Course on Ehtical Hacking - IntroductionCourse on Ehtical Hacking - Introduction
Course on Ehtical Hacking - Introduction
 
Introduction to SNMP
Introduction to SNMPIntroduction to SNMP
Introduction to SNMP
 
Network scanning
Network scanningNetwork scanning
Network scanning
 
Understanding NMAP
Understanding NMAPUnderstanding NMAP
Understanding NMAP
 
Port Scanning
Port ScanningPort Scanning
Port Scanning
 
Nmap Basics
Nmap BasicsNmap Basics
Nmap Basics
 
Hacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning TechniquesHacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning Techniques
 
Computer Hacking - An Introduction
Computer Hacking - An IntroductionComputer Hacking - An Introduction
Computer Hacking - An Introduction
 
ETHICAL HACKING PPT
ETHICAL HACKING PPTETHICAL HACKING PPT
ETHICAL HACKING PPT
 

Similar to Secure and Simple Sandboxing in SELinux

Anatomy of Fedora Kiosk Mode (FOSS.MY/2008)
Anatomy of Fedora Kiosk Mode (FOSS.MY/2008)Anatomy of Fedora Kiosk Mode (FOSS.MY/2008)
Anatomy of Fedora Kiosk Mode (FOSS.MY/2008)James Morris
 
Linux 开源操作系统发展新趋势
Linux 开源操作系统发展新趋势Linux 开源操作系统发展新趋势
Linux 开源操作系统发展新趋势Anthony Wong
 
Containers - Portable, repeatable user-oriented application delivery. Build, ...
Containers - Portable, repeatable user-oriented application delivery. Build, ...Containers - Portable, repeatable user-oriented application delivery. Build, ...
Containers - Portable, repeatable user-oriented application delivery. Build, ...Walid Shaari
 
Techtalks: taking docker to production
Techtalks: taking docker to productionTechtalks: taking docker to production
Techtalks: taking docker to productionmuayyad alsadi
 
Unraveling Docker Security: Lessons From a Production Cloud
Unraveling Docker Security: Lessons From a Production CloudUnraveling Docker Security: Lessons From a Production Cloud
Unraveling Docker Security: Lessons From a Production CloudSalman Baset
 
Tokyo OpenStack Summit 2015: Unraveling Docker Security
Tokyo OpenStack Summit 2015: Unraveling Docker SecurityTokyo OpenStack Summit 2015: Unraveling Docker Security
Tokyo OpenStack Summit 2015: Unraveling Docker SecurityPhil Estes
 
Real-World Docker: 10 Things We've Learned
Real-World Docker: 10 Things We've Learned Real-World Docker: 10 Things We've Learned
Real-World Docker: 10 Things We've Learned RightScale
 
How Secure Is Your Container? ContainerCon Berlin 2016
How Secure Is Your Container? ContainerCon Berlin 2016How Secure Is Your Container? ContainerCon Berlin 2016
How Secure Is Your Container? ContainerCon Berlin 2016Phil Estes
 
Warden @ Meet magento Romania 2021
Warden @ Meet magento Romania 2021Warden @ Meet magento Romania 2021
Warden @ Meet magento Romania 2021alinalexandru
 
Introduction to containers
Introduction to containersIntroduction to containers
Introduction to containersNitish Jadia
 
Shall we play a game
Shall we play a gameShall we play a game
Shall we play a gamejackpot201
 
Up and Running with Freebsd
Up and Running with FreebsdUp and Running with Freebsd
Up and Running with FreebsdGLC Networks
 
We shall play a game....
We shall play a game....We shall play a game....
We shall play a game....Sadia Textile
 
Docker Security - Secure Container Deployment on Linux
Docker Security - Secure Container Deployment on LinuxDocker Security - Secure Container Deployment on Linux
Docker Security - Secure Container Deployment on LinuxMichael Boelen
 
Securing Applications and Pipelines on a Container Platform
Securing Applications and Pipelines on a Container PlatformSecuring Applications and Pipelines on a Container Platform
Securing Applications and Pipelines on a Container PlatformAll Things Open
 

Similar to Secure and Simple Sandboxing in SELinux (20)

Anatomy of Fedora Kiosk Mode (FOSS.MY/2008)
Anatomy of Fedora Kiosk Mode (FOSS.MY/2008)Anatomy of Fedora Kiosk Mode (FOSS.MY/2008)
Anatomy of Fedora Kiosk Mode (FOSS.MY/2008)
 
Linux 开源操作系统发展新趋势
Linux 开源操作系统发展新趋势Linux 开源操作系统发展新趋势
Linux 开源操作系统发展新趋势
 
Containers - Portable, repeatable user-oriented application delivery. Build, ...
Containers - Portable, repeatable user-oriented application delivery. Build, ...Containers - Portable, repeatable user-oriented application delivery. Build, ...
Containers - Portable, repeatable user-oriented application delivery. Build, ...
 
Exploring Docker Security
Exploring Docker SecurityExploring Docker Security
Exploring Docker Security
 
JOSA TechTalk: Taking Docker to Production
JOSA TechTalk: Taking Docker to ProductionJOSA TechTalk: Taking Docker to Production
JOSA TechTalk: Taking Docker to Production
 
Techtalks: taking docker to production
Techtalks: taking docker to productionTechtalks: taking docker to production
Techtalks: taking docker to production
 
Unraveling Docker Security: Lessons From a Production Cloud
Unraveling Docker Security: Lessons From a Production CloudUnraveling Docker Security: Lessons From a Production Cloud
Unraveling Docker Security: Lessons From a Production Cloud
 
Tokyo OpenStack Summit 2015: Unraveling Docker Security
Tokyo OpenStack Summit 2015: Unraveling Docker SecurityTokyo OpenStack Summit 2015: Unraveling Docker Security
Tokyo OpenStack Summit 2015: Unraveling Docker Security
 
Real-World Docker: 10 Things We've Learned
Real-World Docker: 10 Things We've Learned Real-World Docker: 10 Things We've Learned
Real-World Docker: 10 Things We've Learned
 
How Secure Is Your Container? ContainerCon Berlin 2016
How Secure Is Your Container? ContainerCon Berlin 2016How Secure Is Your Container? ContainerCon Berlin 2016
How Secure Is Your Container? ContainerCon Berlin 2016
 
Warden @ Meet magento Romania 2021
Warden @ Meet magento Romania 2021Warden @ Meet magento Romania 2021
Warden @ Meet magento Romania 2021
 
Introduction to containers
Introduction to containersIntroduction to containers
Introduction to containers
 
Shall we play a game
Shall we play a gameShall we play a game
Shall we play a game
 
Shall we play a game?
Shall we play a game?Shall we play a game?
Shall we play a game?
 
0507 057 01 98 * Adana Klima Servisleri
0507 057 01 98 * Adana Klima Servisleri0507 057 01 98 * Adana Klima Servisleri
0507 057 01 98 * Adana Klima Servisleri
 
Up and Running with Freebsd
Up and Running with FreebsdUp and Running with Freebsd
Up and Running with Freebsd
 
We shall play a game....
We shall play a game....We shall play a game....
We shall play a game....
 
Docker Security - Secure Container Deployment on Linux
Docker Security - Secure Container Deployment on LinuxDocker Security - Secure Container Deployment on Linux
Docker Security - Secure Container Deployment on Linux
 
Docker introduction
Docker introductionDocker introduction
Docker introduction
 
Securing Applications and Pipelines on a Container Platform
Securing Applications and Pipelines on a Container PlatformSecuring Applications and Pipelines on a Container Platform
Securing Applications and Pipelines on a Container Platform
 

More from James Morris

Adding Extended Attribute Support to NFS
Adding Extended Attribute Support to NFSAdding Extended Attribute Support to NFS
Adding Extended Attribute Support to NFSJames Morris
 
sVirt: Hardening Linux Virtualization with Mandatory Access Control
sVirt: Hardening Linux Virtualization with Mandatory Access ControlsVirt: Hardening Linux Virtualization with Mandatory Access Control
sVirt: Hardening Linux Virtualization with Mandatory Access ControlJames Morris
 
OLPC Networking Overview
OLPC Networking OverviewOLPC Networking Overview
OLPC Networking OverviewJames Morris
 
Cryptographic Hardware Support for the Linux Kernel - Netconf 2004
Cryptographic Hardware Support for the Linux Kernel - Netconf 2004Cryptographic Hardware Support for the Linux Kernel - Netconf 2004
Cryptographic Hardware Support for the Linux Kernel - Netconf 2004James Morris
 
SELinux Project Overview - Linux Foundation Japan Symposium 2008
SELinux Project Overview - Linux Foundation Japan Symposium 2008SELinux Project Overview - Linux Foundation Japan Symposium 2008
SELinux Project Overview - Linux Foundation Japan Symposium 2008James Morris
 
Mandatory Access Control Networking Update - Netonf 2006 Tokyo
Mandatory Access Control Networking Update - Netonf 2006 TokyoMandatory Access Control Networking Update - Netonf 2006 Tokyo
Mandatory Access Control Networking Update - Netonf 2006 TokyoJames Morris
 
Kernel Security for 2.8 - Kernel Summit 2004
Kernel Security for 2.8 - Kernel Summit 2004Kernel Security for 2.8 - Kernel Summit 2004
Kernel Security for 2.8 - Kernel Summit 2004James Morris
 
Better IPSec Security Association Resolution - Netconf 2006 Tokyo
Better IPSec Security Association Resolution - Netconf 2006 TokyoBetter IPSec Security Association Resolution - Netconf 2006 Tokyo
Better IPSec Security Association Resolution - Netconf 2006 TokyoJames Morris
 
The State of Security Enhanced Linux - FOSS.IN/2007
The State of Security Enhanced Linux - FOSS.IN/2007The State of Security Enhanced Linux - FOSS.IN/2007
The State of Security Enhanced Linux - FOSS.IN/2007James Morris
 
How and Why You Should Become a Kernel Hacker - FOSS.IN/2007
How and Why You Should Become a Kernel Hacker - FOSS.IN/2007How and Why You Should Become a Kernel Hacker - FOSS.IN/2007
How and Why You Should Become a Kernel Hacker - FOSS.IN/2007James Morris
 
Overview of NSA Security Enhanced Linux - FOSS.IN/2005
Overview of NSA Security Enhanced Linux - FOSS.IN/2005Overview of NSA Security Enhanced Linux - FOSS.IN/2005
Overview of NSA Security Enhanced Linux - FOSS.IN/2005James Morris
 
SELinux Kernel Internals and Architecture - FOSS.IN/2005
SELinux Kernel Internals and Architecture - FOSS.IN/2005SELinux Kernel Internals and Architecture - FOSS.IN/2005
SELinux Kernel Internals and Architecture - FOSS.IN/2005James Morris
 

More from James Morris (12)

Adding Extended Attribute Support to NFS
Adding Extended Attribute Support to NFSAdding Extended Attribute Support to NFS
Adding Extended Attribute Support to NFS
 
sVirt: Hardening Linux Virtualization with Mandatory Access Control
sVirt: Hardening Linux Virtualization with Mandatory Access ControlsVirt: Hardening Linux Virtualization with Mandatory Access Control
sVirt: Hardening Linux Virtualization with Mandatory Access Control
 
OLPC Networking Overview
OLPC Networking OverviewOLPC Networking Overview
OLPC Networking Overview
 
Cryptographic Hardware Support for the Linux Kernel - Netconf 2004
Cryptographic Hardware Support for the Linux Kernel - Netconf 2004Cryptographic Hardware Support for the Linux Kernel - Netconf 2004
Cryptographic Hardware Support for the Linux Kernel - Netconf 2004
 
SELinux Project Overview - Linux Foundation Japan Symposium 2008
SELinux Project Overview - Linux Foundation Japan Symposium 2008SELinux Project Overview - Linux Foundation Japan Symposium 2008
SELinux Project Overview - Linux Foundation Japan Symposium 2008
 
Mandatory Access Control Networking Update - Netonf 2006 Tokyo
Mandatory Access Control Networking Update - Netonf 2006 TokyoMandatory Access Control Networking Update - Netonf 2006 Tokyo
Mandatory Access Control Networking Update - Netonf 2006 Tokyo
 
Kernel Security for 2.8 - Kernel Summit 2004
Kernel Security for 2.8 - Kernel Summit 2004Kernel Security for 2.8 - Kernel Summit 2004
Kernel Security for 2.8 - Kernel Summit 2004
 
Better IPSec Security Association Resolution - Netconf 2006 Tokyo
Better IPSec Security Association Resolution - Netconf 2006 TokyoBetter IPSec Security Association Resolution - Netconf 2006 Tokyo
Better IPSec Security Association Resolution - Netconf 2006 Tokyo
 
The State of Security Enhanced Linux - FOSS.IN/2007
The State of Security Enhanced Linux - FOSS.IN/2007The State of Security Enhanced Linux - FOSS.IN/2007
The State of Security Enhanced Linux - FOSS.IN/2007
 
How and Why You Should Become a Kernel Hacker - FOSS.IN/2007
How and Why You Should Become a Kernel Hacker - FOSS.IN/2007How and Why You Should Become a Kernel Hacker - FOSS.IN/2007
How and Why You Should Become a Kernel Hacker - FOSS.IN/2007
 
Overview of NSA Security Enhanced Linux - FOSS.IN/2005
Overview of NSA Security Enhanced Linux - FOSS.IN/2005Overview of NSA Security Enhanced Linux - FOSS.IN/2005
Overview of NSA Security Enhanced Linux - FOSS.IN/2005
 
SELinux Kernel Internals and Architecture - FOSS.IN/2005
SELinux Kernel Internals and Architecture - FOSS.IN/2005SELinux Kernel Internals and Architecture - FOSS.IN/2005
SELinux Kernel Internals and Architecture - FOSS.IN/2005
 

Recently uploaded

Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 

Recently uploaded (20)

Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 

Secure and Simple Sandboxing in SELinux

  • 1. Secure and Simple Sandboxing in SELinux James Morris jmorris@namei.org FOSS.my 2009 Kuala Lumpur, Malaysia
  • 2. Overview ● Sandboxing ● SELinux ● Sandbox design and implementation ● Use examples ● Status and future directions
  • 3. Sandboxing ● Many types of sandbox ● Basic concept is to isolate code ● Process arbitrary input ● Run third party code ● Contain vulnerabilities ● For this talk: process-level sandbox
  • 4. Existing Sandboxes ● Chroot, seccomp, ptrace etc., all problematic ● New design: setuid sandbox (Evans/Tiennes) ● Don't utilize MAC facilities (SELinux, Smack) ● Typically based around restricting ambient privilege
  • 5. Sandboxing with MAC ● Utilize MAC (mandatory access control) to enhance sandboxing ● Layered approach: ● Process-level isolation (MMU) ● DAC separation (e.g. privsep, UID allocator) ● Namespaces / chroot etc. ● MAC isolation policy
  • 6. Reduce Ambient Authority ● Security can be simplified by reducing ambient auhority. ● Consider: ● wc file.txt – wc needs general read permission for the system & uses this 'ambient' authority to open file. ● cat file.txt | wc – cat opens the file and passes open fd to wc, bundling the object and authority together. Specific authority is delegated and wc now needs no permissions to access filesystem!
  • 7. Usability ● Combining MAC policy with fd passing is conceptually simple for users: the latter follows standard Unix use conventions. ● Does not require policy administration ● Simple supplied policy which strongly isolates sandboxed apps ● Zero config ● High level abstraction: ● Simply run apps via a sandbox launcher ● Kiosk mode, sVirt etc. are similar approaches
  • 8. SELinux Implementation ● New sandbox label added to policy ● Has no general permissions, only those absolutely required to execute (e.g. load shared libraries, which can be further locked down if desired) ● sandbox launcher causes app to be executed with this label; I/O happens via fd ● Unique MCS label assigned to each instance for MAC isolation (cf. UID allocation – both could be used) ● Sets up home & tmp dirs; copies in specified files; cleans up at exit
  • 9. /usr/bin/sandbox ● Creates temporary sandbox directory ● Copies in specified files ● Sets up security labeling ● Executes specified application in sandbox ● Cleanup at exit
  • 10. Basic Use $ /usr/bin/id -Z unconfined_t:c0.c1023 $ sandbox /usr/bin/id -Z sandbox_t:c533,c903 ● sandbox_t -- broad MAC policy for all sandboxes, isolate them from wider system ● c533,c903 -- unique MCS label to separate sandboxes from each other (actual value does not matter, just needs to be unique)
  • 11. Demonstration $ touch /tmp/foo1 $ sandbox touch /tmp/foo2 /bin/touch: cannot touch `/tmp/foo2': Permission denied
  • 12. Demonstration $ sandbox cat /proc/$$/maps /bin/cat: /proc/3034/maps: Permission denied
  • 13. Advanced Uses ● Processing pipelines: ● Scanning mail for viruses, spam etc.; run each stage in a sandbox ● Packet dissectors, etc. ● Web application framework ● e.g. XSLT rendering, CGI handling ● Any case where a separate process can be launched and use fd for I/O
  • 14. Desktop Security ● Difficult to sandbox desktop apps because of environment (X, GNOME, DBus etc.) ● complicated ● Sandbox X: ● Launch sandboxed applications in nested X server: simple and effective! ● Extends basic sandbox utility:
  • 15. /usr/sbin/seunshare ● setuid program: ● unshare(2) – dissasociates mount namespace ● bind mounts new $HOME and /tmp dirs ● calls setexeccon to set security label ● drops all capabilities ● calls sandboxX.sh
  • 16. /usr/share/sandbox/sandboxX.sh ● Configures X environment ● Launches Xephyr nested X server ● runs matchbox window manager ● runs specified application ● everything runs with sandbox security label ● cleans up at exit ● Some limitations (currently): ● Cannot resize window ● No copy/paste
  • 17. Current status ● SELinux Sandbox will be in Fedora 12 ● Currently available in rawhide
  • 18. Demo
  • 19.
  • 20. Future Directions ● Continued high-level integration, e.g. make it easy to run sandboxed web browsers ● Interaction issues to resolve, e.g. ask user to save changed data when exiting sandbox? ● Integration with XACE window labeling, hardware security etc. ● Use sandboxing to restrict administrative privilege
  • 21. What we really need most... ● A standardized high-level API ● Developers / ISVs currently roll their own security or just give up ● Difficult, but can be done
  • 22. Resources ● Dan Walsh's blog ● danwalsh.livejournal.com ● Dan Walsh's LPC talk ● http://video.linuxfoundation.org/video/1565 ● Dan Walsh's email address & cell phone ● dwalsh@redhat.com ● +1 212-555-4240