1 |
On 11/15/2009 11:22 AM, Dirk Heinrichs wrote: |
2 |
> |
3 |
> SELinux allows to spread the tasks root needs to do or can do accross several |
4 |
> roles. Of course, if only one single person has root access to the system this |
5 |
> doesn't make sense. But we're talking about cases where several people (incl. |
6 |
> the malicious attacker) have root access. So you can very well configure a |
7 |
> (SE-)Linux system so that "root" can't do everything. |
8 |
|
9 |
So how do you get your machine back if you forbid yourself to change its |
10 |
configuration then? |