Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Archives
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
|
SELinux Mailing ListRe: dynamic context transitions
From: Colin Walters <walters_at_verbum.org>
Date: Mon, 01 Nov 2004 21:18:00 -0500
I can see some specialized uses for this with e.g. the Samba example, but I'm having trouble seeing how it would be broadly useful, although I haven't thought about the MLS case much. But in your examples above, the policy can already restrict which ports a domain can bind; it doesn't seem useful to drop the privileges to bind to those ports. Also, why would it be useful to drop the privileges to read configuration files? -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.Received on Mon 1 Nov 2004 - 21:18:03 EST |
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |