Initial draft of privilege escalation policy
drago01
drago01 at gmail.com
Wed Jan 20 18:40:50 UTC 2010
On Wed, Jan 20, 2010 at 4:15 AM, Adam Williamson <awilliam at redhat.com> wrote:
> Hi, everyone. As you may know if you've followed the meetings, FESCo has
> cheerfully punted the privilege escalation policy issue back to us; they
> want us to come up with a draft policy to take back to a FESCo meeting.
> * Run an application that listens on a network port lower than 1024
> * Mount or unmount anything (excluding automounted hotplugged storage
> devices, and devices explicitly configured by the root user for
> unprivileged use)
Define "anything" what about fuse mounts? (like sshfs, or those done by gvfs)
More information about the test
mailing list