tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: /sbin/reboot and secmodel

der Mouse wrote:
I'm wondering if there's a way we can "encapsulate" the entire reboot
process, such that a user can initiate it -- but not interfere with

sudo?  Between the restrictions on a nonprivileged user meddling with
another user's process and reboot(8) ignoring tty-generated signals,
there isn't much the user can do once reboot gets far enough to ignroe
signals.  (It probably should ignore more signals, though; I'm not sure
SIGTTOU can't be abused to stop it partway.)

Is sudo even an option in our context? also, do we want to tell people
"...and you have to use this 3rd-party tool, too, to make your secmodel
work"? :)


Home | Main Index | Thread Index | Old Index