I think you could also use AppArmor profiles to filter network access per application in the way you describe. On 20/05/16 09:55, Elmar Stellnberger wrote: > > > Am 2016-05-20 um 10:34 schrieb donoban: >> >> I am running Debian on Qubes OS, I use gnome-calculator on a vault >> domain (a VM without any network device) because I though it does not >> need Internet or data/files from another domain. So without any >> knowledge I was protecting myself from this privacy leak... >> >> Maybe Debian should adopt a strong policy about what packages should >> have Internet access and what does not... All packages not supposed to >> have Internet access will be blocked by firewall or a similar approach >> (probably some kind of whitelist). >> > > Well, in order to block network access for individual apps you would > need something like SELinux. However I do not know abouot the > availability of security profiles for all such apps, neither do I know > about a convenient tool to browse such profiles f.i. in order to see > whehther a given app is allowed to access the network. > -- ale [wwb.cc | 414c45.net | @414c45]
Attachment:
signature.asc
Description: OpenPGP digital signature