On Sat, 2006-04-08 at 01:27, Bruno Wolff III wrote: > SELinux has value on Desktops, at least to some people. I would really like to > be able to run programs that don't have the same access to resources (in > particular network connections) that I do. I know longer trust software > venders not to bad stuff in their software, at least for things targetted > at consumers. Things are likely to get worse in this regard in the near > future. That seems to be a missing feature in normal Linux access control. The SysV versions I used prior to Linux had device entries in the filesystem for the network devices just like everything else, and access to them was controlled by the user/group/other permissions like everything else. You could limit the ability to open a network connection to a members of a specific group if you wanted. The Linux network devices seem to be something magic instead of following the normal access control model. -- Les Mikesell lesmikesell@xxxxxxxxx
