Hi,

Ciaran McCreesh wrote:
> Sandboxing isn't about security. It's about catching mistakes.

>From Wikipedia
(http://en.wikipedia.org/wiki/Sandbox_%28computer_security%29):
> In computer security, a sandbox is a security mechanism for 
> separating running programs. It is often used to execute untested 
> code, or untrusted programs from unverified third-parties,
> suppliers, untrusted users and untrusted websites

network-sandbox is using unshare() syscalls to separate... not?

But when I wrote my mail I was referring to Michal's statements in
<http://thread.gmane.org/gmane.linux.gentoo.devel/91131>. He is
explicitly listing "improving security"...


-Thomas

Reply via email to