Posted Sep 24, 2004 6:07 UTC (Fri) by Ross
In reply to: Complexity
Parent article: An introduction to SELinux
I think the other poster was suggesting something like hierarchical userids
so that users could run subprocesses with a different set of rights than
the parent process. To avoid privilege escalation these would have to be
strictly one-directional. Similar support for groups would also be nice.
The question is what would the interface look like and how much would it get
in the way. If it was too difficult to use people might as well use a non-
Unix-like solution like SELinux.
(Capabilities are useless as currently defined in the kernel unless you are
trying to restrict what a program running as uid-0 can do. None of the
operations which normal users can perform can be disabled.)