load_policy in chroot question

Alexandre Oliva aoliva at redhat.com
Mon Feb 21 13:54:31 UTC 2005


On Feb 19, 2005, Russell Coker <russell at coker.com.au> wrote:

> SE Linux controls all aspects of system security, including global
> things such as mounting file systems and directly writing to block
> devices.  If the chroot had a local policy as you suggest then which
> policy would control writing to the device node for the boot device?

Err...  No differently from the way the Xen solution you recommended
would?  Except, perhaps, for...

> http://sourceforge.net/mailarchive/forum.php?thread_id=6364737&forum_id=35600

which would require presumably yet another layer of MAC configuration
files.  Which means yet another level of setting up and overlapping
settings, not really different from one possible implementation for
chroot policies.

-- 
Alexandre Oliva             http://www.ic.unicamp.br/~oliva/
Red Hat Compiler Engineer   aoliva@{redhat.com, gcc.gnu.org}
Free Software Evangelist  oliva@{lsd.ic.unicamp.br, gnu.org}




More information about the fedora-selinux-list mailing list