On Wed, 31 Oct 2007, Peter Dolding wrote:
MultiAdmin loaded before Selinux breaks Selinux since Multi Admin rules are
applied over using Selinux rules. This is just the way it is stacking LSM's
is Just not healthy you always risk on LSM breaking another. Part of the
reason why I have suggested a complete redesign of LSM. To get away from
this problem of stacking.
since the method of stacking hasn't been determined yet, you can't say
this.
it would be possible for MultiAdmin to grant additional access, that
SELinux then denies for it's own reasons.
if the SELinux policy is written so that it ignores capabilities, and
instead just looks at uid0 then that policy is broken in a stacked
environment, but it's the polciy that's broken, not the stacking.
yes, there will be interactions that don't make sense, but just becouse
something can be used wrong doesn't mean that there aren't other cases
where it can be used properly.
David Lang
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
