[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: The current fedora.us buildsystem and future directions

From: Enrico Scholz <enrico scholz informatik tu-chemnitz de>
To: fedora-devel-list redhat com
Subject: Re: The current fedora.us buildsystem and future directions
Date: Mon, 01 Dec 2003 20:55:41 +0100

notting redhat com (Bill Nottingham) writes:

>> 1. SELinux can protect foreign processes. But is it possible to hide
>>    them in /proc also?
>
> If you cannot access it, why does it matter if it is visible?

E.g. 'service xyz stop' in rpm-scriptlets may have an unwanted behavior
when it sees 'xyz' processes in other "contexts".


>> 5. Can special mount-operations (e.g. /proc filesystem) be allowed by
>>    the policy, or does this require userspace helper also?
>
> Not sure what you're asking here. Mount can be allowed or disallowed
> based on the policy.

We have to allow *some* kinds of mount but forbid all other ones.



Enrico

Follow-Ups:
- Re: The current fedora.us buildsystem and future directions
  - From: Bill Nottingham

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]