[NCLUG] capability based kernel design
Sean Reifschneider
jafo at tummy.com
Sun Mar 18 20:04:10 MDT 2007
On Sun, Mar 18, 2007 at 07:50:18PM -0600, John L. Bass wrote:
>several attempts to add capabilities to UNIX, but none became widely
>adopted as a standard, in a form that has allowed SUSER to be completely
>abandoned.
SELinux does allow dropping root. They just haven't taken Fedora that far
yet. Users definitely can take it that far, but so far it's just not been
a priority. When you regularly do updates, current Fedora systems are
"good enough" for most tasks without it. Secure enough to not have to live
with the pain that most users would have to go through to get all the
additional applications they'd like to run on the system working with
SELinux...
Sean
--
"The guy with the switch-blade gets to deal."
"Yeah, but that's not a switch-blade." <Schick> "I stand corrected."
Sean Reifschneider, Member of Technical Staff <jafo at tummy.com>
tummy.com, ltd. - Linux Consulting since 1995: Ask me about High Availability
More information about the NCLUG
mailing list