I have a security-sensitive customer...

Andrew Bartlett abartlet at samba.org
Thu May 19 14:51:24 GMT 2005

On Thu, 2005-05-19 at 10:46 -0400, David Collier-Brown wrote:
>   How so? It can do anything root can, it just can't do it 
> to some process in some other zone or on a filesystem or 
> network connected only to another zone.  
>   Did you hit a restriction Sun didn't notice?  If so
> I should open a bug for it.

I'm speaking only from the SELinux discussion that was had on this list,
where people wanted to try and define restrictive policies for Samba,
and some crazy ideas were proposed as regards how to transition between
the different zones (one per user).  

The point is that any zone with 'make me root again' as a privilege, is
a pretty special zone.

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20050520/6baf3116/attachment.bin

More information about the samba-technical mailing list