[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Tor + SELinux sandbox = leak proof without VM overhead?
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: Tor + SELinux sandbox = leak proof without VM overhead?
- From: coderman <coderman@xxxxxxxxx>
- Date: Sun, 29 Aug 2010 15:23:45 -0700
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-talk-outgoing@xxxxxxxx
- Delivered-to: or-talk@xxxxxxxx
- Delivery-date: Sun, 29 Aug 2010 18:23:50 -0400
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:content-type; bh=QkrvV24tVUkBsUSkCwEKcrPt82bLWMH+iXWAvxjJc0E=; b=WIXIpERkGJE1HsYmod8uB1O9eTpBFpLX/FxFfMXPPuJNkMHPdZN7ZiGDqSrsPAD4Ra w3LZxOF3foH+77zsTni348ASgATQ7ZrAUJ/A3Y3z9dUYWVdzfKesG1nJVXgvbXw3eUOC ZSryYbXW1kM3oLSPOsI8txcMfat//VJbF+wu4=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=UzzXFenxS/1FTdHPbLInR4HFGixDH2OK/eghaB5qcunWmLa+fxzv4luk3cUAISPiIo MVYaA3eZ90DYOgwx41SZsZPeKLoU5WfjQZbbFgM8gLwsDLqf0KagGDPrSg8f0eb7bGTX VY/ckVea9f4we3HVI5V2GMO/nHwsGGAJpMwW8=
- In-reply-to: <8539tye5na.fsf@xxxxxxxx>
- References: <AANLkTika511+Ps71qdpZBOSxcv77bW3c1giVQkHu5Dx-@xxxxxxxxxxxxxx> <8539tye5na.fsf@xxxxxxxx>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
On Sat, Aug 28, 2010 at 3:25 PM, intrigeri <intrigeri@xxxxxxxx> wrote:
>...
> Please don't misunderstand me. I'm not a fan of VM-based solutions and
> pretty much prefer the bare-metal + Live OS approach, but I feel we
> need to consider their pros and cons in a more detailed way than
> discarding them on the assumption that their cost must be too high
> else we would push for their usage much more than we do.
one last note, these are all complementary techniques. the SELinux
effort early on was applied to VMWare virtual machine rules per
instance on virtual disks and across network devices. improving the
usability of such a configuration by deploying via livecd images
supporting a wide range of hardware would also be a clear improvement
for many users.
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/