A few questions

Salvo Giuffrida giuffsalvo at hotmail.it
Thu Sep 21 13:07:47 UTC 2006


Good morning, I have some questions regarding aspects of SELinux I don't 
understand:
- The format of the file default_context in /etc/selinux/strict/contexts: 
why are there some lines for cron? From what I know, this file is intended 
to assign a default initial context to logged-in users. So, why is there also 
cron? Because it starts processes (jobs)?

- What about the "identity" part of the security context? How is it filled?

- What makes the access control of SELinux "mandatory"? The fact that normal 
users can't change the security policy?

- From what I understood, the root user in SELinux is partitioned into a lot 
of domains, so, even if a program which runs as "sysadm_r:some_domain_t" is 
compromised, the damage is limited to the domain, right? But, can't the 
attacker transition to another domain using newrole, and do other damage, 
and continue on?

- Why isn't there the "staff_r" role in Fedora?
Thanks a lot for the answers





More information about the fedora-selinux-list mailing list