> How can capabilities override MAC checks? We have DAC_OVERRIDE capability but > no MAC_OVERRIDE... I think that POSIX.1e defines capabilities for overriding MAC restrictions as well, although Linux doesn't presently define them. However, SELinux provides a better mechanism for this purpose, as I've discussed previously, http://marc.theaimsgroup.com/?l=selinux&m=97922666422991&w=2. -- Stephen Smalley, NSA sdsat_private _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Thu Jan 30 2003 - 07:39:28 PST