On Wed, 2003-08-13 at 16:02, Colin Walters wrote:
> Let me give an example of how SELinux protects my machine (verbum.org).
> My blog is a Python script (pyblosxom) which runs in a domain called
> httpd_user_script_t.

Oh, and what I forgot to mention about this domain is that it doesn't have write access to any files, for example. Nor (obviously) can it use the mount syscall. And those restrictions carry over to any other program it executes, including /bin/sh, /bin/ls, /bin/mount, whatever.
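
The confinement described in the message above, sketched as type-enforcement rules. This is an added example, not part of the original message and not the policy actually running on verbum.org: only httpd_user_script_t is named in the message, and every other type name below (httpd_user_content_t, shell_exec_t, bin_t) is an assumption.

```selinux
# Constructed sketch. Type enforcement is deny-by-default: any access that has
# no matching allow rule is refused, so what is absent matters as much as
# what is present.

# Read-only access to the content the script serves (assumed type name).
# No write, append, create, unlink or setattr permission is granted on any
# file type, so the domain cannot modify files.
allow httpd_user_script_t httpd_user_content_t:file { read getattr };
allow httpd_user_script_t httpd_user_content_t:dir { read getattr search };

# The script may run other programs, but only with execute_no_trans: the new
# program image keeps running in httpd_user_script_t, so a shell or utility
# started by the script has exactly the same restrictions as the script.
allow httpd_user_script_t shell_exec_t:file { read getattr execute execute_no_trans };
allow httpd_user_script_t bin_t:file { read getattr execute execute_no_trans };

# Deliberately absent from this sketch:
#   - any type_transition from httpd_user_script_t into another domain, so
#     exec never moves the process into a domain with more access
#   - allow httpd_user_script_t <fs type>:filesystem mount;
#     without it mount(2) is denied no matter which binary makes the call
#   - allow httpd_user_script_t self:capability sys_admin;
```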