Victor Porton wrote:
I propose to create a new NetFilter table dedicated to rules created
programmatically (not by explicit admin's iptables command).
Otherwise an admin could be tempted to say `iptables -F security` which would
probably break rules created for example by sandboxing software (which may
follow same-origin policy to restrict one particular program to certain domain
and port only). Note that in this case `iptables -F security` is a security
risk (sandbox breaking)?
New table could be possibly be called:
- temp
- temporary
- auto
- automatic
- volatile
- daemon
- system
- sys
In iptables docs it should be said that this table should not be manipulated
manually.
Is it possible that the solution to your sandboxing problem is seccomp
filter?
http://outflux.net/teach-seccomp/
You'd filter out any syscall that can make outbound connections and then
only pass already opened sockets to the sandboxed threads?
seccomp filter was actually created for sandboxing, so that user
applications could voluntarily shed the ability to call certain syscalls
before handling untrusted data.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
