Good morning, I have some questions regarding aspects of SELinux I don't
understand:
- The format of the file default_context in /etc/selinux/strict/contexts:
why are there some lines for cron? From what I know, this file is intended
to assign a default initial context to logged-in users. So, why there's also
cron? Because it starts processes (jobs)?
- What about the "identity" part of the security context? How is filled?
- What makes the access control of SELinux "mandatory"? The fact that normal
users can't change the security policy?
- From what I understood, the root user in SELinux is partitioned into a lot
of domains, so, even if I program which runs as "sysadm_r:some_domain_t" is
compromised, the damage is limited to the domain, right? But, can't the
attacker transition to another domain using newrole, and do other damages,
and continue on?
- Why in the Fedora there isn't the "staff_r" role?
Thanks a lot for the answers
_________________________________________________________________
Blocca le pop-up pubblicitarie con MSN Toolbar! http://toolbar.msn.it/
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
