I have a security-sensitive customer...
Andrew Bartlett
abartlet at samba.org
Thu May 19 14:51:24 GMT 2005
On Thu, 2005-05-19 at 10:46 -0400, David Collier-Brown wrote:
> How so? It can do anything root can, it just can't do it
> to some process in some other zone or on a filesystem or
> network connected only to another zone.
> Did you hit a restriction Sun didn't notice? If so
> I should open a bug for it.
I'm speaking only from the SELinux discussion that was had on this list,
where people wanted to try and define restrictive policies for Samba,
and some crazy ideas were proposed as regards how to transition between
the different zones (one per user).
The point is that any zone with 'make me root again' as a privilege, is
a pretty special zone.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20050520/6baf3116/attachment.bin
More information about the samba-technical
mailing list