On 05/01/14 19:32, Markus Falb wrote:
>> >Would selinux would help in this specific case?
> Please remember that my example was not about removing/dev/*
> but about removing /* , so why just not building as root?
Well I am building as root when I understand it is safe to do so.
>
>> >usually I remember that chroot should help to prevent an issue with it.
>
> Hm, where to draw the line between prevention and mitigation? Anyways,
> do not build on the target machine, e.g. your production server.
OK.
> It does not really matter in many cases if your development environment is
> separated by a chroot or a virtual machine or a whole physical machine.
OK
>
> Use software versioning software
> Make Backups
> Be prepared to recreate your development environment.
OK
>
> Even if you easily can recreate the development environment, maybe diagnosis
> plus recreation takes still more work than not building as root in the first time.
This is the basic argument.
I encourage to not build as root since it is better to be safe and
steady then fast and reckless.
>
> Anyways, looking at the Subject of this thread I have no clue what you are after.
> Even root can not do kernel level operations. Only the kernel can do that, can't it?
There are patches for the kernel to allow user-land almost direct access
to the kernel resources.
In the above case it is better to understand first that there is a
possibility in this level.
The kernel can be patched to send into the\an user-land software data.
I do remember that it was done for iptables extensions.
I am sure it is not recommended and it is not the best way to operate a
system at all.
Eliezer
> -- Markus
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
