1 |
On Sunday 15 November 2009 16:40:48 Nikos Chantziaras wrote: |
2 |
> On 11/15/2009 11:22 AM, Dirk Heinrichs wrote: |
3 |
> > SELinux allows to spread the tasks root needs to do or can do accross |
4 |
> > several roles. Of course, if only one single person has root access to |
5 |
> > the system this doesn't make sense. But we're talking about cases where |
6 |
> > several people (incl. the malicious attacker) have root access. So you |
7 |
> > can very well configure a (SE-)Linux system so that "root" can't do |
8 |
> > everything. |
9 |
> |
10 |
> So how do you get your machine back if you forbid yourself to change its |
11 |
> configuration then? |
12 |
|
13 |
|
14 |
reboot|power down|pull power plug out|whatever and edit kernel config line to |
15 |
not laod selinux |
16 |
|
17 |
-- |
18 |
alan dot mckinnon at gmail dot com |