On Thu, 21 Oct 2004, Colin Walters wrote:


I'd like to announce the first release of a little project called Imsep.
The goal, in short, is to completely isolate image loaders using
SELinux, so that a compromised or buggy image loader can do essentially
nothing.   It's designed for the "targeted" SELinux policy to be
released with Fedora Core 3.

I've put up a little web page here with slightly more information:

The source includes a sample SELinux policy.

For people reading on the GTK+ list: I've created an initial patch to
make gdk-pixbuf use imsep, it seems to work:

The GDK_PIXBUF_FORMAT_REQUIRES_LOAD feels like a hack, but I didn't see
a better alternative.

Comments welcome.

it'd be nice if you could give a description of what the patch attempts
to achive. reading through it, i simply don't understand what it intends
to achive/change.

partially, that's due to io-imsep.c missing from your patch, you should create patches with diff -Nup to catch newly added files.


