On Tue, Oct 26, 2010 at 14:18:55 -0400, Przemek Klosowski <przemek.klosow...@nist.gov> wrote: > > Such user-differentiated authorization is provided by the filesystem > access rights, ACLs and SELinux attributes. Note that unlike the first > two mechanisms, SELinux can protect the data even for systems with > compromised root---as someone said, SELinux can be configured so that > you can tell people "here's the root password; now break into my computer".
That's overstating things a bit. A root compromise is usually going to allow working around selinux limitations. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
