Paranoia for helpers - best practices
Federico Mena Quintero
federico at novell.com
Thu Mar 25 10:40:16 PDT 2010
On Wed, 2010-03-24 at 21:09 -0400, Matthias Clasen wrote:
> Of course, one answer is to contain your service using selinux policy,
> but thats a rather big hammer, and not everybody is in the position to
> just walk over to Dan Walsh's desk to have that sorted out....
Yeah, selinux is not an option.
In my mind selinux is "I have a really big codebase that I need to
more-or-less sandbox".
PK helpers should be as small as possible, so they are in principle easy
to make secure.
Federico
More information about the polkit-devel
mailing list