Archives
Archives
| From: | Sven Vermeulen <swift@g.o> | ||
|---|---|---|---|
| To: | gentoo-hardened@l.g.o | ||
| Subject: | Re: [gentoo-hardened] Switching hardened amd64 to SELinux | ||
| Date: | Wed, 22 Feb 2012 18:07:47 | ||
| Message-Id: | 20120222180710.GA4865@gentoo.org | ||
| In Reply to: | Re: [gentoo-hardened] Switching hardened amd64 to SELinux by "Tomáš Dobrovolný" |
||
| 1 | On Mon, Feb 20, 2012 at 10:05:22PM +0100, TomᨠDobrovolný wrote: |
| 2 | > Maybe to allow it to all init scripts is too strong. It will be better |
| 3 | > to allow it only for specialized scripts ... only one /etc/init.d/sysctl ;-) |
| 4 | |
| 5 | There's little choice here. Either the script runs as initrc_t, or we |
| 6 | transition when we call sysctl (to sysctl_t or so). Individual initrc_t |
| 7 | domains (like sysctl_initrc_t) we don't support (yet). |
| 8 | |
| 9 | Wkr, |
| 10 | Sven Vermeulen |