From: "Russell Coker" <[email protected]> > Apart from a few exceptions the SE Linux design is based on a default of deny
That is true and definitely adds a layer. Whether it is SELinux or containers - you rely on kernel code. Both can have vulnerabilities. SELinux is sharing the same name space with the rest of the system - so you can reach other services, files etc. by misconfiguration. People are lazy. The easiest way to get it work: allow everything for all. I just help someone to have a test instance of a website. There is a form writing data to one DB table (contact): What do I see: GRANT ALL for db.* for user anyone (no password). Regards Peter _______________________________________________ luv-main mailing list [email protected] http://lists.luv.asn.au/listinfo/luv-main
