SElinux
Les Mikesell
lesmikesell at gmail.com
Sat Apr 8 16:46:17 UTC 2006
On Sat, 2006-04-08 at 01:27, Bruno Wolff III wrote:
> SELinux has value on Desktops, at least to some people. I would really like to
> be able to run programs that don't have the same access to resources (in
> particular network connections) that I do. I know longer trust software
> venders not to bad stuff in their software, at least for things targetted
> at consumers. Things are likely to get worse in this regard in the near
> future.
That seems to be a missing feature in normal Linux access control.
The SysV versions I used prior to Linux had device entries in the
filesystem for the network devices just like everything else, and
access to them was controlled by the user/group/other permissions
like everything else. You could limit the ability to open a
network connection to a members of a specific group if you
wanted. The Linux network devices seem to be something magic
instead of following the normal access control model.
--
Les Mikesell
lesmikesell at gmail.com
More information about the fedora-list
mailing list