On Tue, 2006-03-14 at 17:10 +0100, Dawid Gajownik wrote: > Dnia 03/06/2006 01:02 PM, Użytkownik Ron Yorston napisał: > > I found that several processes weren't being listed by 'ps ax' when > > run as an ordinary user but were when run as root. > > I like this feature! Unfotunately, it's disabled in new > selinux-policy package :/ Would it be possible to turn it on via > setsebool or semanage? What precisely did you like about it? If you use -strict or -mls policy, then unprivileged users should be restricted in what they can see in /proc (and thus ps output). For -targeted, users aren't supposed to be confined (just specific daemons), and the MCS component in -targeted is really a discretionary model, unlike MLS. -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
