Re: Linux Security Protection System

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Pavel Machek <pavel@ucw.cz>
To: Bosko Radivojevic <bole@etf.bg.ac.yu>
Cc: linux-kernel@vger.kernel.org
Subject: Re: Linux Security Protection System
Date: Sun, 20 Oct 2002 16:14:45 +0200	[thread overview]
Message-ID: <20021020141444.GA6280@elf.ucw.cz> (raw)
In-Reply-To: <Pine.LNX.4.44.0210161607590.28724-100000@falcon.etf.bg.ac.yu>

Hi!

> Filesystem Access Domain subsystem allows restriction of accessible
> filesystem parts for both individual users and programs. Now you can
> restrict user activities to only its home, mailbox etc. Filesystem Access
> Domains works on device, dir and individual file granularity.
> 
> IP Labeling lists enable restriction on allowed network connections on per
> program basis. From now on, you may configure your policy so that no one
> except your favorite MTA can connect to remote port 25

How do you handle ptrace()? Per-program security seems -- quite
strange to me. Either you completely disallow ptrace(), or I can not
seee how per-program security can be usefull...
									Pavel

-- 
Worst form of spam? Adding advertisment signatures ala sourceforge.net.
What goes next? Inserting advertisment *into* email?

     prev parent reply	other threads:[~2002-10-26 10:23 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2002-10-16 13:28 2.5.43 hangs silently on boot Robinson Maureira Castillo
2002-10-16 14:08 ` Linux Security Protection System Bosko Radivojevic
2002-10-18 12:47   ` Jakob Oestergaard
2002-10-20 14:14   ` Pavel Machek [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20021020141444.GA6280@elf.ucw.cz \
    --to=pavel@ucw.cz \
    --cc=bole@etf.bg.ac.yu \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.