Re: New stacker performance results

From: Valdis.Kletnieks@private
Date: Wed May 25 2005 - 10:03:47 PDT


On Wed, 25 May 2005 12:37:59 EDT, Stephen Smalley said:

> The difficulties in creating an effective jail have nothing to do with
> SELinux per se, and trying to do one without the full range of control
> offered by SELinux is likely to expose you to holes.  

Right.  The point was that even if you *are* using SELinux, trying to
satisfy a security policy that says "A chrooted process may not..."
is difficult.

(And before you say "such a rule is silly", note that quite often, we're
not given a *choice* - sometimes we're given a rule and told "implement it"...)




