Mounting an encrypted volume presents the volume to all users on a machine
Bruno Wolff III
bruno at wolff.to
Tue Oct 26 20:05:46 UTC 2010
On Tue, Oct 26, 2010 at 14:18:55 -0400,
Przemek Klosowski <przemek.klosowski at nist.gov> wrote:
>
> Such user-differentiated authorization is provided by the filesystem
> access rights, ACLs and SELinux attributes. Note that unlike the first
> two mechanisms, SELinux can protect the data even for systems with
> compromised root---as someone said, SELinux can be configured so that
> you can tell people "here's the root password; now break into my computer".
That's overstating things a bit. A root compromise is usually going to allow
working around selinux limitations.
More information about the devel
mailing list