<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 09/26/2014 09:03 AM, James Hogarth
wrote:<br>
</div>
<blockquote
cite="mid:CAGkb5vc6wPwNF9gtwEBPdwA3hGcELBPYOUrOrsOKn3VmCsL=Xg@mail.gmail.com"
type="cite">
<div dir="ltr"><br>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 25 September 2014 22:40, Daniel J
Walsh <span dir="ltr">&lt;<a moz-do-not-send="true"
href="mailto:dwalsh@redhat.com" target="_blank">dwalsh@redhat.com</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex"><a
moz-do-not-send="true"
href="https://danwalsh.livejournal.com/71122.html"
target="_blank">https://danwalsh.livejournal.com/71122.html</a><br>
<span class="HOEnZb"><font color="#888888"><br>
</font></span></blockquote>
<div><br>
</div>
<div>Good article Dan ... it says clearly what I've been
trying to drum into people's heads about the role it takes
and how it confines the activity but an exploit that stays
within the confines of that activity ... well it has to be
allowed or else the standard activity would fail ;)</div>
<div> </div>
</div>
</div>
</div>
<br>
<br>
</blockquote>
Yes. I also got a lot of questions about how SELinux helps us with this
exploit. I believe SELinux helps as much as possible here, as Dan
wrote in his blog. <br>
<br>
Of course, there are also booleans to make a system with SELinux
more restrictive. Also confined users. <br>
</body>
</html>