[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: /sbin/restorecon and hard links

From: John Reiser <jreiser BitWagon com>
To: fedora-selinux-list redhat com
Subject: Re: /sbin/restorecon and hard links
Date: Wed, 15 Feb 2006 07:44:43 -0800

Stephen Smalley wrote:
> BTW, it is important to remember here that targeted policy doesn't try
> to confine users (just specific programs and daemons) and that
> relabeling /etc/passwd or other system files doesn't give the user any
> greater access since he is already unconfined as far as SELinux is
> concerned.

That's true for SELinux policy itself.  However, the linux kernel _does_
confine users, independent of "external [to the kernel]" SELinux policy,
as an unavoidable part of the complete selinux package.  Namely, the
restrictions on execmod and execmem can make life difficult for legitimate
software which uses non-mainstream techniques to achieve higher performance
and/or create a richer debugging environment.  Even in targeted mode,
SELinux has greater-than-zero operational costs for non-targeted software.

--

Follow-Ups:
- Re: /sbin/restorecon and hard links
  - From: Stephen Smalley

References:
- /sbin/restorecon and hard links
  - From: Erik Sjölund
- Re: /sbin/restorecon and hard links
  - From: Stephen Smalley
- Re: /sbin/restorecon and hard links
  - From: Stephen Smalley

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]