SELinux - back to basics

adrian golding adriangolding at
Mon Aug 17 02:42:54 UTC 2009

dear all, can you please point me to the right place:
with reference to:

i am interested in how dan knows what an attacker can make use of the samba
vulnerability to do by default, and what the attacker cannot do.  More
generally speaking, how do we look at a service or application in a SELinux
system, and finding out what the attacker can do and cannot do in the case
of the service being exploited?

in that page, he looked at some of the relevant booleans and i guess
"samba_enable_home_dirs ---> off" prevents the attacker to read/manipulate
the user's home directories. But what about the rest?  What other things can
an end user (who is not very experienced in SELinux) examine to know what
the attacker can / cannot do?

thank you
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the fedora-selinux-list mailing list