Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751223AbWIKIGK (ORCPT ); Mon, 11 Sep 2006 04:06:10 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1751228AbWIKIGK (ORCPT ); Mon, 11 Sep 2006 04:06:10 -0400 Received: from mail1.sea5.speakeasy.net ([69.17.117.3]:412 "EHLO mail1.sea5.speakeasy.net") by vger.kernel.org with ESMTP id S1751223AbWIKIGI (ORCPT ); Mon, 11 Sep 2006 04:06:08 -0400 Date: Mon, 11 Sep 2006 04:06:05 -0400 (EDT) From: James Morris X-X-Sender: jmorris@d.namei To: David Madore cc: Alan Cox , Linux Kernel mailing-list , LSM mailing-list Subject: Re: [PATCH 3/4] security: capabilities patch (version 0.4.4), part 3/4: introduce new capabilities In-Reply-To: <20060910160953.GA6430@clipper.ens.fr> Message-ID: References: <20060910133759.GA12086@clipper.ens.fr> <20060910134257.GC12086@clipper.ens.fr> <1157905393.23085.5.camel@localhost.localdomain> <20060910160953.GA6430@clipper.ens.fr> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 528 Lines: 19 On Sun, 10 Sep 2006, David Madore wrote: > Can a non-root user create limited-rights processes without assistance > from the sysadmin, under SElinux? SELinux uses a restrictive model, where privileges can only be removed, not added. - James -- James Morris - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/