"Reverse" sandbox possible? (2013-02-23 08:10 by Riviera #67462)
Hi,
I'm wondering if it's possible to create some kind of reverse sandbox with tomoyo linux 2.0.
What I want is to deny everything access to one specific folder, except one program.
Specifically, I only want the bitcoin client and nothing else to be able to access ~/.bitcoin/
RE: "Reverse" sandbox possible? (2013-02-23 16:35 by kumaneko #67463)
Hello.
> I'm wondering if it's possible to create some kind of reverse sandbox with
> tomoyo linux 2.0.
> What I want is to deny everything access to one specific folder, except one
> program.
> Specifically, I only want the bitcoin client and nothing else to be able to
> access ~/.bitcoin/
So far, only the \- operator is possible. That is, define a path_group like
I demonstrated only read and write operations. But you also need to be careful
about pathname manipulation operations like rename/link/mount.
If you can move ~/.bitcoin/ directory to a dedicated partition and have a
symlink to the dedicated partition, you can use attributes of the dedicated
partition (e.g. path.major and path.minor) for conditions to restrict access.
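An added example, not part of the reply above and not TOMOYO code: before writing a condition on path.major and path.minor, check that the symlinked directory really resolves to its own device, because an unmounted mount point reports the parent filesystem's numbers. The helper names are hypothetical, and it assumes those attributes correspond to the `st_dev` of the filesystem holding the path.

```python
import os


def device_numbers(path):
    """Return (major, minor) of the device backing the filesystem that holds path.

    os.stat() follows symlinks, so a symlink such as ~/.bitcoin reports the
    filesystem of its target, which is what a device-based condition has to match.
    """
    st = os.stat(path)
    return os.major(st.st_dev), os.minor(st.st_dev)


def on_dedicated_device(protected, reference):
    """True only if protected resolves to a different device than reference.

    If the dedicated partition is not mounted, the empty mount point still
    belongs to the parent filesystem and this returns False.
    """
    return device_numbers(protected) != device_numbers(reference)


def report(protected, reference):
    """Collect the values needed to write and sanity-check the condition."""
    major, minor = device_numbers(protected)
    return {
        "resolved": os.path.realpath(protected),
        "major": major,
        "minor": minor,
        "dedicated": on_dedicated_device(protected, reference),
    }


if __name__ == "__main__":
    home = os.path.expanduser("~")
    target = os.path.join(home, ".bitcoin")  # directory named in the thread
    if not os.path.exists(target):
        print(f"{target} does not exist")
    else:
        info = report(target, home)
        print(f"{target} -> {info['resolved']}")
        print(f"major={info['major']} minor={info['minor']}")
        if not info["dedicated"]:
            print("WARNING: same device as the home directory; a device-based "
                  "condition would also match every other file there")
```

Run it again after every change to the mount layout, since device numbers can differ between boots or after repartitioning.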