On Sat, 2003-06-07 at 04:44, Peter Simons wrote:
> does SELinux provide a way to configure system limits for certain
> contexts, domains, or types? Like limiting the number of CPU seconds
> they can use, etc.

SELinux is only mandatory access control. Resource limiting like what
you're describing is not covered. This could be covered by other
packages (or the limits talked about, below). I think that for a really
hardened system, a couple of the subprojects would be combined.
Hardened sources will help facilitate this as it improves. But since
the hardened team is only ~2.5 months old, things are still in the
works. :)

> And if it doesn't, can anyone recommend a way to simulate this?
>
> Oh, and by the way: I noticed that SELinux Gentoo-style comes with
> duplicate configuration files. The limits file, for instance, is to be
> found in /etc and in /etc/security. Is there a reason for this? And
> which of the two files are actually used by the system?

Well I see /etc/limits and /etc/security/limits.conf on all of my
systems, it's not something that SELinux is needing. BTW, /etc/security
isn't just used for selinux stuff. /etc/limits comes from
sys-apps/shadow and /etc/security/limits.conf comes from sys-libs/pam.
I'm not sure exactly how their uses differ.

--
Chris PeBenito
<pebenito@g.o>
Developer, SELinux
Hardened Gentoo Linux

"Engineering does not require science. Science helps
a lot, but people built perfectly good brick walls
long before they knew why cement works."-Alan Cox

Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243
Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243