<html>
  <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">On 09/26/2014 09:03 AM, James Hogarth
      wrote:<br>
    </div>
    <blockquote
cite="mid:CAGkb5vc6wPwNF9gtwEBPdwA3hGcELBPYOUrOrsOKn3VmCsL=Xg@mail.gmail.com"
      type="cite">
      <div dir="ltr"><br>
        <div class="gmail_extra"><br>
          <div class="gmail_quote">On 25 September 2014 22:40, Daniel J
            Walsh <span dir="ltr">&lt;<a moz-do-not-send="true"
                href="mailto:dwalsh@redhat.com" target="_blank">dwalsh@redhat.com</a>&gt;</span>
            wrote:<br>
            <blockquote class="gmail_quote" style="margin:0 0 0
              .8ex;border-left:1px #ccc solid;padding-left:1ex"><a
                moz-do-not-send="true"
                href="https://danwalsh.livejournal.com/71122.html"
                target="_blank">https://danwalsh.livejournal.com/71122.html</a><br>
              <span class="HOEnZb"><font color="#888888"><br>
                </font></span></blockquote>
            <div><br>
            </div>
            <div>Good article Dan ... it says clearly what I've been
              trying to drum into people's heads about the role it takes
              and how it confines the activity but an exploit that stays
              within the confines of that activity ... well it has to be
              allowed or else the standard activity would fail ;)</div>
            <div> </div>
          </div>
        </div>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
    </blockquote>
    Yes. I also got a lot of questions how SELinux helps us with this
    exploit. I believe SELinux helps as much as possible here how Dan
    wrote in his blog. <br>
    <br>
    Of course, there are also booleans to make a system with SELinux
    more restrictive. Also confined users. <br>
  </body>
</html>