Lower Process Capabilities

Serge E. Hallyn serue at us.ibm.com
Tue Jul 28 14:22:56 UTC 2009


Quoting Adam Jackson (ajax at redhat.com):
> On Tue, 2009-07-28 at 01:12 +0200, yersinia wrote:
> > On Mon, Jul 27, 2009 at 5:29 PM, Adam Jackson<ajax at redhat.com> wrote:
> > > Caps are also wrong in that they're effectively a partitioning of root's
> > > privileges above those of a user.  You would like the ability to do more
> > > than that.  For example, you'd like to be able to remove your ability to
> > > clone() or exec().  SELinux can do this, kinda.
> > 
> > Put an example, thanks.
> 
> Trim message bodies when quoting, thanks.
> 
> You can create an selinux context that is not allowed to exec, or only
> allowed to exec certain things.  Or not allowed to connect to TCP
> sockets.  Or pretty much anything else a normal user would otherwise be
> allowed to do.

This has little to do with what Steve is trying to do.

There has been talk of extending seccomp to do that kind of thing,
which seems interesting.  But I think that floundered away a few
weeks ago...  pending on someone to post a patch I guess.

-serge




More information about the fedora-devel-list mailing list