I’ve installed SELinux in Debian sid in order to use the sandbox that
locks down apps to a restricted enviroment, but I can’t get it to work.
If I try to use the sandbox command in permissive mode without any
options, like "sandbox nano", I get the following error:
/usr/bin/sandbox: [Errno 22] Invalid argument
And if I try to run it with options for temporary home and tmp dirs, with or without the -X option, another error message pops up:Could not set exec context to unconfined_u:unconfined_r:sandboxxt:s0:c236,c539.
Failed to remove directory /tmp/.sandbox-root-vfZJIt: No such file or directory
I have tried using the sandbox app in enforced mode, but it complains
about missing type enforcement rules. I don’t think that’s the issue
though. Does anyone know how to fix this?