We do not ship SELinux sandbox
by Sven Vermeulen, post on Tue 27 September 2016

A few days ago a vulnerability was reported in the SELinux sandbox user space utility. The utility is part of the policycoreutils package. Luckily, Gentoo's sys-apps/policycoreutils package is not vulnerable - and not because we were clairvoyant about this issue, but because we don't ship this utility.

Dropping sesandbox support
by Sven Vermeulen, post on Fri 09 May 2014

A vulnerability in seunshare, part of policycoreutils, came to light recently (through bug 509896). The issue is within libcap-ng actually, but the specific situation in which the vulnerability can be exploited is only available in seunshare.

Now, seunshare is not built by default on Gentoo. You need to define USE …