RE: Future Linux devel. Kernels

From: Igmar Palsenberg (maillist@chello.nl)
Date: Tue May 09 2000 - 05:35:49 EST


> >
> > - Making sysklogd and klogd immutable
> ---
> Das ok. With mount, I can just mount over the top of them, kill off current ones, restart my
> new ones.

You can't remount the root fs while running.

> That would be horrible. I'd have anything w/pathnames in a userspace daemon -- but the
> kernel still needs to emit the event that a process w/luid=daemon and uid=root exec'ed some program.

> Then the user-land daemon handles the table of 'baddies'. Alternatively we get MAC in place. Just
> using 'Integrity: level=daemon, class=daemon' for all daemon executable files and then set the
> integrity level the same on user-land daemons. Then the OS will automatically disallow execution
> of any program not marked with the proper Integrity label. Labels can only be changed with
> CAP_MAC_OVERRIDE which wouldn't be set for userland daemons.

That means a userlevel thingy manages these things. The 'chicken and egg'
problem.

                Igmar



This archive was generated by hypermail 2b29 : Mon May 15 2000 - 21:00:13 EST