[ale] Running stuff as root == bad, was Re: FC13 question

Jim Kinney jim.kinney at gmail.com
Sat Jul 31 16:40:11 EDT 2010


True enough. An oversimplification indeed. Blank out securetty to disallow
direct root login outside of runlevel 1.

Some stuff must be run as root. But selinux policies can allow communication
without it if carefully crafted and using <500 UID for process user.

On Jul 31, 2010 12:59 PM, "Scott McBrien" <smcbrien at gmail.com> wrote:

That's all well and good if you want to make your own policy, but on RHEL,
CentOS, and Fedora, root runs as an unconfined user, so for the most part
they can still mangle whatever they want.  "Learn SELinux" is simplifying A
LOT.

-Scott



On Jul 31, 2010, at 12:29 PM, Jim Kinney <jim.kinney at gmail.com> wrote:

> Learn selinux.
>>
>> On Jul 31, 2010 12:14 AM, "Michael Trausch" <mike at trausch.us> wrote:
>>
>> Th...
