The sandbox binary on debian was patched out of the package, as "not being ready" in some way.
See: http://unix.stackexchange.com/questions/67127/how-do-i-install-selinuxs-sandbox-utility-on-linux-mint-debian-edition On Wed, Jul 3, 2013 at 7:28 AM, Timo Juhani Lindfors <[email protected]>wrote: > simo <[email protected]> writes: > > sandbox -X runs everything into a nested X server (Xephyr here) run > > explicitly for the application, so that the app does not have direct > > access to the outer X server. > > Interesting, I'd like to try that out and evaluate its security and > usability. I can't find "sandbox" binary in Debian, is it perhaps under > some other name or should I build it from source? > > > Although there was a feature (XACE) to make the X server more secure I > > do no think it ever worked well enough. I think the only good solution > > will be to use wayland once it is good enough. Its model isolates each > > process and is much better from a security pov from what I've been told > > so far. > > Indeed. The only working models that I have seen are Qubes OS and just > using xpra/vnc with virtual machine/another user. > > -Timo > _______________________________________________ > Discussion mailing list > [email protected] > https://mail.fsfeurope.org/mailman/listinfo/discussion >
_______________________________________________ Discussion mailing list [email protected] https://mail.fsfeurope.org/mailman/listinfo/discussion
