From: Trent Jaeger <[EMAIL PROTECTED]>
Date: Mon, 16 Jan 2006 21:54:13 -0500

> We want to limit the modification of security contexts only to the
> minimal set of programs (e.g., setkey and racoon). SELinux generally
> restricts root programs to least privilege rights, such that a root
> program that does not modify security policy under any normal
> circumstances is not given permissions to do so. As a result, such
> programs are constrained from modifying security policy if compromised.

What about per-socket IPSEC policy settings installed via setsockopt()?