On 11/15/2009 11:22 AM, Dirk Heinrichs wrote:
SELinux allows to spread the tasks root needs to do or can do accross several roles. Of course, if only one single person has root access to the system this doesn't make sense. But we're talking about cases where several people (incl. the malicious attacker) have root access. So you can very well configure a (SE-)Linux system so that "root" can't do everything.
So how do you get your machine back if you forbid yourself to change its configuration then?
