From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 737CE138359 for ; Mon, 27 Jul 2020 04:48:36 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 8C41BE1661; Mon, 27 Jul 2020 04:48:35 +0000 (UTC) Received: from raba.swcp.com (raba.swcp.com [216.184.2.46]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 5CFC5E1661 for ; Mon, 27 Jul 2020 04:48:34 +0000 (UTC) Received: from roundcube.swcp.com (roundcube.swcp.com [216.184.2.221]) by raba.swcp.com (8.15.2/8.15.2/Debian-14~deb10u1) with ESMTP id 06R4mVjs014083 for ; Sun, 26 Jul 2020 22:48:32 -0600 Received: from roundcube.swcp.com (localhost [127.0.0.1]) by roundcube.swcp.com (8.15.2/8.15.2/Debian-8) with ESMTP id 06R4mVE6013188 for ; Sun, 26 Jul 2020 22:48:31 -0600 Received: (from www-data@localhost) by roundcube.swcp.com (8.15.2/8.15.2/Submit) id 06R4mVlE013187; Sun, 26 Jul 2020 22:48:31 -0600 X-Authentication-Warning: roundcube.swcp.com: www-data set sender to ebo@sandien.com using -f To: Subject: Re: [gentoo-soc] Weekly Report: Fusebox - FUSE Porwered sandbox project X-PHP-Originating-Script: 1000:main.inc Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-soc@lists.gentoo.org Reply-to: gentoo-soc@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Date: Sun, 26 Jul 2020 22:48:31 -0600 From: EBo In-Reply-To: References: Message-ID: <74bfe2205faccaf9bf07e0e4be0d8d73@mail.swcp.com> X-Sender: ebo@sandien.com User-Agent: Roundcube Webmail/0.8.2 X-Archives-Salt: 9d5e93fa-9f04-4a54-85a8-37be775d414e X-Archives-Hash: 2d8724bea0e331604d9bae3658570bd7 Recently I was watching some videos that was looking at vulnerabilities in IP camera systems and many of the fails that the security person was able to exploit were forgetting to lock down access to some directory or file so that he was able to first examine a program or script, and then determine points of access. With the discussion here I was wondering if there was any mechanism to turn all access off, and then 'grant' access to something. This may be similar to how Gentoo's USE flags can be likewise cleaned by: "USE = "-* X alsa..." Anyway, I browsed your tests and did not find anything and thought I might mention it. EBo -- On Jul 26 2020 5:00 PM, Kaoru Esashika wrote: > Hi, > This week, I wrote the code about ACL (Access Control List). > The ACL allows you to actually control whether or not the application > can access your files. > This implementation also includes an interface that allows you to > control access to the files dynamically. > Specifically, you can control access to specific files by writing a > list of files to be controlled in a special virtual file called a > control file. > > Next week, I will integrate the Fusebox with emerge/portage. And > also, > I need prepare to evaluation... > > Project Repository: https://github.com/pluser/fusebox > > Regards, > Kaoru Esashika