[redhat-lspp] Re: newrole, UID change, etc
Steve Grubb
sgrubb at redhat.com
Tue Apr 25 12:59:23 UTC 2006
On Monday 24 April 2006 16:08, Stephen Smalley wrote:
> If we want to permit capability granting w/o uid 0, then that is a
> kernel change, not a newrole change.
So far, in all the talks we've ever had about SE Linux, it's always been
advertised as limiting existing permission. I would be hesitant to allow SE
Linux to start granting permissions. I think it's not necessary, potentially a
security risk if not done carefully, and would confuse people that have
managed to learn SE Linux about why it can now escalate permission instead of
restrict it.
-Steve