Research
Skip Research Menus
Research MenuSecurity Enhanced Linux What's New Frequently Asked Questions Background Documents License Download Participating Mail List Archives Remaining Work Contributors Related Work Press Releases Information Assurance Research NIARL In-house Research Areas Mathematical Sciences Program Sabbaticals Computer & Information Sciences Research Technology Transfer Advanced Computing Advanced Mathematics Communications & Networking Information Processing Microelectronics Other Technologies Technology Fact Sheets Publications Related Links |
SELinux Mailing ListRe: New Apache policy
From: Tom <tom_at_lemuria.org>
Date: Tue, 29 Oct 2002 19:50:22 +0100
That is a good idea, I will try it.
> > Also, I may think about restricting _local_ access for these tools, Yes, but you might either not intend to run it (it may not even be something executable, I keep documentation in CVS, for example) or you may execute it in a chroot or other restricted environment (simply labeling the resulting binary with some special bin_untrusted_t might be what you prefer). One way or the other, this is the larger question of how to deal with foreign executables and for now I'd like to leave that to the local sysadmin. He may already have a good policy in place. -- http://web.lemuria.org/pubkey.html pub 1024D/2D7A04F5 2002-05-16 Tom Vogt <tom@lemuria.org> Key fingerprint = C731 64D1 4BCF 4C20 48A4 29B2 BF01 9FA1 2D7A 04F5 -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.Received on Tue 29 Oct 2002 - 14:09:29 EST |
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |