Bookmark this category
Security-Enhanced Linux (SELinux) specialist and Red Hat developer Dan Walsh has souped up the security mechanisms in Fedora and SELinux by adding a desktop sandbox which he\’s calling "sandbox -X". Users can run desktop applications of their choice inside his sandbox, which then protects the underlying system from any possible damage.
A browser started inside the sandbox is unable to damage the host system.
SELinux extends the standard Unix privileges concept to add a role-based privilege model which, in principal, allows a user to forbid a PDF viewer from, for example, sending email. Currently, however, SELinux is mainly used to wall off server services.