[prev in list] [next in list] [prev in thread] [next in thread] 

List:       gentoo-hardened
Subject:    Re: [gentoo-hardened] Limits
From:       Chris PeBenito <pebenito () gentoo ! org>
Date:       2003-06-08 0:22:51
[Download RAW message or body]


On Sat, 2003-06-07 at 04:44, Peter Simons wrote:
> does SELinux provide a way to configure system limits for certain
> contexts, domains, or types? Like limiting the number of CPU seconds
> they can use, etc.

SELinux is only mandatory access control.  Resource limiting like what
you're describing is not covered.  This could be covered by other
packages (or the limits talked about, below).  I think that for a really
hardened system, a couple of the subprojects would be combined. 
Hardened sources will help facilitate this as it improves.  But since
the hardened team is only ~2.5 months old, things are still in the
works. :)

> And if it doesn't, can anyone recommend a way to simulate this?
> 
> Oh, and by the way: I noticed that SELinux Gentoo-style comes with
> duplicate configuration files. The limits file, for instance, is to be
> found in /etc and in /etc/security. Is there a reason for this? And
> which of the two files are actually used by the system?

Well I see /etc/limits and /etc/security/limits.conf on all of my
systems, its not something that SELinux is needing.  BTW, /etc/security
isn't just used for selinux stuff.  /etc/limits comes from
sys-apps/shadow and /etc/security/limits.conf comes from sys-libs/pam. 
I'm not sure exactly how their uses differ.

-- 
Chris PeBenito
<pebenito@gentoo.org>
Developer, SELinux
Hardened Gentoo Linux
 
"Engineering does not require science. Science helps
a lot, but people built perfectly good brick walls
long before they knew why cement works."-Alan Cox

Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243
Key fingerprint = B0E6 877A 883F A57A 8E6A  CB00 BC8E E42D E6AF 9243

["signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]