| 1 |
On Sat, 2003-06-07 at 04:44, Peter Simons wrote: |
| 2 |
> does SELinux provide a way to configure system limits for certain |
| 3 |
> contexts, domains, or types? Like limiting the number of CPU seconds |
| 4 |
> they can use, etc. |
| 5 |
|
| 6 |
SELinux is only mandatory access control. Resource limiting like what |
| 7 |
you're describing is not covered. This could be covered by other |
| 8 |
packages (or the limits talked about, below). I think that for a really |
| 9 |
hardened system, a couple of the subprojects would be combined. |
| 10 |
Hardened sources will help facilitate this as it improves. But since |
| 11 |
the hardened team is only ~2.5 months old, things are still in the |
| 12 |
works. :) |
| 13 |
|
| 14 |
> And if it doesn't, can anyone recommend a way to simulate this? |
| 15 |
> |
| 16 |
> Oh, and by the way: I noticed that SELinux Gentoo-style comes with |
| 17 |
> duplicate configuration files. The limits file, for instance, is to be |
| 18 |
> found in /etc and in /etc/security. Is there a reason for this? And |
| 19 |
> which of the two files are actually used by the system? |
| 20 |
|
| 21 |
Well I see /etc/limits and /etc/security/limits.conf on all of my |
| 22 |
systems, its not something that SELinux is needing. BTW, /etc/security |
| 23 |
isn't just used for selinux stuff. /etc/limits comes from |
| 24 |
sys-apps/shadow and /etc/security/limits.conf comes from sys-libs/pam. |
| 25 |
I'm not sure exactly how their uses differ. |
| 26 |
|
| 27 |
-- |
| 28 |
Chris PeBenito |
| 29 |
<pebenito@g.o> |
| 30 |
Developer, SELinux |
| 31 |
Hardened Gentoo Linux |
| 32 |
|
| 33 |
"Engineering does not require science. Science helps |
| 34 |
a lot, but people built perfectly good brick walls |
| 35 |
long before they knew why cement works."-Alan Cox |
| 36 |
|
| 37 |
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243 |
| 38 |
Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243 |
Archives