Could someone advise me the best way to constrain an application from performing unwanted activities? (e.g. if someone in an irc chan was able to hijack my irssi app to read personal files).
I currently run apps like irssi as a dedicated, unprivileged user. On OpenBSD, I've used systrace to define am irssi policy permitting only read/write of the configuration file and network traffic to approved irc servers. I've seen the FGAP project underway (which I believe will give me that systrace-like functionality) - are there any other ways of constraining the capabilities of specific applications within opensolaris? Many thanks! -- This message posted from opensolaris.org
