On Mon, 2004-11-15 at 10:12, Daniel J Walsh wrote:
> No. SELinux is parallel to normal Linux/Unix protections. So anything
> that is prevented due to Normal Unix protections will be prevented in
> an SELinux System. In the future this might change.

Note however that you can run a uid 0 process in a particular SELinux
security domain and deny it all capabilities except CAP_NET_BIND_SERVICE
using the SELinux policy, and further use SELinux policy to limit it to a
specific port number or range.

--
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency
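
The confinement described in the reply above, sketched as a policy module. This is an added example, not part of the original message or of any shipped policy; the module name and every `exampled_*` type are hypothetical, as is the port number in the comment. It assumes a reference-policy style base policy that provides the `domain` and `port_type` attributes, and that the domain transition and file access rules for the daemon are defined separately.

```selinux
# Hypothetical module: confines a uid 0 daemon to one capability and one port type.
module exampled 1.0;

require {
    attribute domain;
    attribute port_type;
    class capability net_bind_service;
    class tcp_socket { create bind listen accept name_bind };
}

# Domain the uid 0 process runs in, and a type for the port(s) it may bind.
type exampled_t, domain;
type exampled_port_t, port_type;

# SELinux denies whatever is not explicitly allowed, so this is the only
# capability the domain holds. A uid 0 process in exampled_t still passes the
# normal Unix checks, but any other capability use (dac_override, sys_admin,
# setuid, ...) is refused by policy.
allow exampled_t self:capability net_bind_service;

# Basic operations on the daemon's own TCP sockets.
allow exampled_t self:tcp_socket { create bind listen accept };

# name_bind is checked against the type of the port being bound. Only ports
# labeled exampled_port_t are permitted; binding any other port is denied
# even though CAP_NET_BIND_SERVICE is held.
allow exampled_t exampled_port_t:tcp_socket name_bind;

# The port number or range is attached to the type outside this module,
# for instance (constructed port number):
#   semanage port -a -t exampled_port_t -p tcp 814
```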