On Wed, 25 May 2005 12:37:59 EDT, Stephen Smalley said:
> The difficulties in creating an effective jail have nothing to do with
> SELinux per se, and trying to do one without the full range of control
> offered by SELinux is likely to expose you to holes.

Right. The point was that even if you *are* using SELinux, trying to satisfy a security policy that says "A chrooted process may not..." is difficult. (And before you say "such a rule is silly", note that quite often, we're not given a *choice* - sometimes we're given a rule and told "implement it"...)