I have a security-sensitive customer...
David Collier-Brown
David.Collier-Brown at Sun.COM
Thu May 19 14:56:03 GMT 2005
Righto, zones and TS default policies are less dramatic (:-))
--dave
Andrew Bartlett wrote:
> On Thu, 2005-05-19 at 10:46 -0400, David Collier-Brown wrote:
>
>> How so? It can do anything root can, it just can't do it
>> to some process in some other zone or on a filesystem or
>> network connected only to another zone.
>> Did you hit a restriction Sun didn't notice? If so
>> I should open a bug for it.
>
>
> I'm speaking only from the SELinux discussion that was had on this list,
> where people wanted to try and define restrictive policies for Samba,
> and some crazy ideas were proposed as regards how to transition between
> the different zones (one per user).
>
> The point is that any zone with 'make me root again' as a privilege, is
> a pretty special zone.
>
> Andrew Bartlett
>
--
David Collier-Brown, | Always do right. This will gratify
Sun Microsystems, Toronto | some people and astonish the rest
davecb at canada.sun.com | -- Mark Twain
(416) 263-5733 (x65733) |