Review: Red Hat’s Fedora 12 Beta Operating System

Red Hat’s leading-edge Linux-based operating system, Fedora, hit a beta milestone this week on the way to its Version 12 release. As with Ubuntu Linux, which recently underwent a beta release of its own, Fedora 12 will be packed with the latest and greatest versions of popular open-source applications, such as the OpenOffice.org productivity suite, the Firefox Web browser, and up-to-date releases of the GNOME and KDE desktop environments.

Beyond these typical Linux updates, the updates that have caught my eye in this version deal with strengthening the core of the distribution and of Linux distributions in general, as Red Hat’s open-source innovations trickle downstream into other Linux-based operating systems. In particular, Fedora 12 advances the state of Linux system privilege management on multiple fronts and exhibits continued progress in virtualisation.

System Privileges

One of the first Fedora 12 enhancements to jump out at me was the distribution’s new capability for sandboxing potentially untrusted graphical applications with SELinux. The new feature, called sandbox -X, provides graphical applications with a temporary environment to run in that’s walled off from the rest of system.

For instance, on my test machine, I created a wrapper script for Adobe Reader (a frequent target of malware purveyors) that would launch the application within an SELinux sandbox. I could view my document normally (more or less, I experienced frequent Reader crashes during my tests, with or without the sandboxing), but could not browse my file system or reach the network. If I wanted to extend Internet access to my sandbox – to test a Web browser, for instance – I simply appended “-t sandbox_web_t” to my command to allow for the access.

For now, sandboxed applications launch in windows that cannot be resized, and not every application I attempted to sandbox worked properly. Firefox, for instance, launched without issue, but Google’s open-source Chromium browser crashed immediately upon launch.

Moving forward, I’ll be interested to see whether and how the Fedora project integrates sandbox -X with the rest of the distribution. If nothing else, the feature is a good example of what can be done with SELinux. For more information on sandbox -X, check out this blog post from Red Hat’s Dan Walsh.

SELinux provides Linux with a scheme for mandatory access control, where the only rights that users or processes enjoy are those explicitly granted. In Red Hat and Fedora systems, SELinux usually operates under a targeted policy, where only specific parts of the system are controlled so tightly. The rest of these systems are bound by the traditional Linux DAC (discretionary access control) system.

Page: 1 2

Jason Brooks eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

View Comments

Share
Published by
Jason Brooks eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Recent Posts

US Finalises Billions In Awards To Samsung, Texas Instruments

US finalises $4.7bn award to Samsung Electronics, $1.6bn to Texas Instruments to boost domestic chip…

8 hours ago

OpenAI Starts Testing New ‘Reasoning’ AI Model

OpenAI begins safety testing of new model o3 that uses 'reasoning' process to ensure reliability…

8 hours ago

US ‘Adding Sophgo’ To Blacklist Over Link To Huawei AI Chip

US Commerce Department reportedly adding China's Sophgo to trade blacklist after TSMC-manufactured part found in…

9 hours ago

Amazon Workers Go On Strike Across US

Amazon staff in seven cities across US go on strike after company fails to negotiate,…

9 hours ago

Senators Ask Biden To Extend TikTok Ban Deadline

Two US senators ask president Joe Biden to delay TikTok ban by 90 days after…

10 hours ago

Journalism Group Calls On Apple To Remove AI Feature

Reporters Without Borders calls on Apple to remove AI notification summaries feature after it generates…

10 hours ago