Allow internet/network access based on binary -- ask user for permission if a binary wants to connect to the internet

[Alec Leamas]

On 08/12/14 23:26, Moez Roy wrote:
> I only want certain binaries to be allowed network access.
>
> For example, I want to allow the below binaries access to the internet:
>
> /usr/lib64/firefox/firefox
> /usr/lib/virtualbox/VirtualBox
> /bin/yum (it seems to be done via python like /usr/bin/python /bin/yum
> update -- so here obviously python is allowed network access only for
> yum ('the binary'). This rule should not give python network access
> for any other binaries/.py scripts etc.)
>
> I want no other binary to be able to access the network.
>
> If a binary attempts to access the network there should be a popup, asking me:
>
> a. Deny network access and Remember this Decision if the same binary
> attempts to access the network again.
>
> b. Allow network access and Remember this Decision if the same binary
> attempts to access the network again.
>
> c. Allow network access this time but Prompt me Again if this binary
> tries to access the network.
>
> d. Deny network access this time but Prompt me Again if this binary
> tries to access the network.

[cut]

It's really hard to say something useful when facing this kind of rather 
low-level specification. I think you could get better answers if you 
expressed you needs on a somewhat higher level. What is this all about, 
really?

Besides what's mentioned in the link you might use sudo or polkit to 
achieve something similar. No idea if this is "similar enough" for your 
needs.

Cheers!

--alec