Re: I want to ask about some Kernel level operations.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 05/01/14 19:32, Markus Falb wrote:
>> >Would selinux would help in this specific case?
> Please remember that my example was not about removing/dev/*
> but about removing /* , so why just not building as root?

Well I am building as root when I understand it is safe to do so.

>
>> >usually I remember that chroot should help to prevent an issue with it.
>
> Hm, where to draw the line between prevention and mitigation? Anyways,
> do not build on the target machine, e.g. your production server.
OK.

> It does not really matter in many cases if your development environment is
> separated by a chroot or a virtual machine or a whole physical machine.
OK
>
> Use software versioning software
> Make Backups
> Be prepared to recreate your development environment.
OK
>
> Even if you easily can recreate the development environment, maybe diagnosis
> plus recreation takes still more work than not building as root in the first time.
This is the basic argument.
I encourage to not build as root since it is better to be safe and 
steady then fast and reckless.

>
> Anyways, looking at the Subject of this thread I have no clue what you are after.
> Even root can not do kernel level operations. Only the kernel can do that, can't it?

There are patches for the kernel to allow user-land almost direct access 
to the kernel resources.
In the above case it is better to understand first that there is a 
possibility in this level.
The kernel can be patched to send into the\an user-land software data.
I do remember that it was done for iptables extensions.

I am sure it is not recommended and it is not the best way to operate a 
system at all.

Eliezer

> -- Markus

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux