Stephen Smalley wrote:
No - here we are running programs that do not expect to have any special privileges beyond their caller.
Yes, you would have to make the programs CAP aware, and in any case ...
And semanage is a python script.
The Orange Book educated mind boggles. You're right. Bad idea. Never mind. -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
