On Tue, Oct 26, 2010 at 14:07:53 -0700, Jesse Keating <jkeating@xxxxxxxxxx> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > That's only if you give root the right to disable or load new selinux > policy. And the policy is tight enough. You need to not allow root shells or most processes the ability to read the keys out of memory or to write memory that will change how things work. I don't think targeted policy is locked down enough to stop that even if you don't allow root to disble selinux. > Seriously, there are machines on the public Internet with a published > root account. You're welcome to log in and try to do anything with them. Yeah, I know about one guy that offers a root password if you ask. I am not sure what policy he is running on that machine. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
