10 Sep
2013
10 Sep
'13
1:02 a.m.
From: "Russell Coker" <russell@coker.com.au>
Apart from a few exceptions the SE Linux design is based on a default of deny
That is true and definitely adds a layer. Whether it is SELinux or containers - you rely on kernel code. Both can have vulnerabilities. SELinux is sharing the same name space with the rest of the system - so you can reach other services, files etc. by misconfiguration. People are lazy. The easiest way to get it work: allow everything for all. I just help someone to have a test instance of a website. There is a form writing data to one DB table (contact): What do I see: GRANT ALL for db.* for user anyone (no password). Regards Peter