Benefits

Control the objects used by one application

The Linux access control model is based on user identities and capacities.

But these do not allow to limit the universe of objects that an application can access.

  • e.g. an application can create a TCP connection to an IP address but not necessarily to any IP address.

Control the exposure of an application

An application can have multiple interfaces.

However, all local or remote applications may not need to explore these interfaces.

Last updated