The current fedora.us buildsystem and future directions
Enrico Scholz
enrico.scholz at informatik.tu-chemnitz.de
Mon Dec 1 19:55:41 UTC 2003
notting at redhat.com (Bill Nottingham) writes:
>> 1. SELinux can protect foreign processes. But is it possible to hide
>> them in /proc also?
>
> If you cannot access it, why does it matter if it is visible?
E.g. 'service xyz stop' in rpm-scriptlets may have an unwanted behavior
when it sees 'xyz' processes in other "contexts".
>> 5. Can special mount-operations (e.g. /proc filesystem) be allowed by
>> the policy, or does this require userspace helper also?
>
> Not sure what you're asking here. Mount can be allowed or disallowed
> based on the policy.
We have to allow *some* kinds of mount but forbid all other ones.
Enrico
More information about the fedora-devel-list
mailing list