On Wed, 2004-05-19 at 06:55, Mikkel Kruse Johnsen wrote: > Hi All > > What is the relation between a process running under a system account > or under domains ? There's almost no relation. However SELinux does have a concept of "user identity" that is derived from the system accounts. The SELinux user identity is restricted to a set of roles, each of which stands for a set of domains. Thus there is a relationship, but not a very direct or strong one :) In the cases you talk about though, typically you wouldn't have a SELinux user defined. > Are these co-existing or can SELinux domains replace system accounts ? Completely coexisting. > Ex. can apache just use "root" as system account and use domains to > rescrict it ? Yes. > Meaning do we need to have all these system account or can SELinux get > rid of them ? > > Qmail is using 7 diff. system account, can I with SELinux just use > "root" and have SELinux do the security !!! Yes. It's not recommended though - why throw away a level of security?
Attachment:
signature.asc
Description: This is a digitally signed message part
