Re: BIND 9.10.1 beta with seccomp functionality

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Once upon a time, Tomas Hozza <thozza@xxxxxxxxxx> said:
> That's where seccomp kicks in, it acts as a 2nd wall of defence. In case
> of a security hole being present in the server process, it goes further
> than a chroot, it prevents the attacker from making socket connections
> orexecuting his code, as his "playing field" is significantly reduced.
> There's very little he can do.”

How is that different from an SELinux policy?  How is the additional
resitrction handled (if it isn't SELinux, what mechanism is used to do
the restriction)?
-- 
Chris Adams <linux@xxxxxxxxxxx>
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux