On Feb 19, 2005, Russell Coker <russell@xxxxxxxxxxxx> wrote:
> SE Linux controls all aspects of system security, including global
> thing such as mounting file systems and directly writing to block
> devices. If the chroot had a local policy as you suggest then which
> policy would control writing to the device node for the boot device?
Err... No differently from the way the Xen solution you recommended
would? Except, perhaps, for...
> http://sourceforge.net/mailarchive/forum.php?thread_id=6364737&forum_id=35600
which would require presumably yet another layer of MAC configuration
files. Which means yet another level of setting up and overlapping
settings, not really different from one possible implementation for
chroot policies.
--
Alexandre Oliva http://www.ic.unicamp.br/~oliva/
Red Hat Compiler Engineer aoliva@{redhat.com, gcc.gnu.org}
Free Software Evangelist oliva@{lsd.ic.unicamp.br, gnu.org}
|
Try Searching:
servers, voip, java, networking, microsoft ...
|
|
|
| 
