[CentOS] I want to ask about some Kernel level operations.

Eliezer Croitoru eliezer at ngtech.co.il
Sun Jan 5 21:54:12 UTC 2014


On 05/01/14 19:32, Markus Falb wrote:
>> >Would selinux help in this specific case?
> Please remember that my example was not about removing /dev/*
> but about removing /* , so why just not building as root?

Well I am building as root when I understand it is safe to do so.

>
>> >usually I remember that chroot should help to prevent an issue with it.
>
> Hm, where to draw the line between prevention and mitigation? Anyways,
> do not build on the target machine, e.g. your production server.
OK.

> It does not really matter in many cases if your development environment is
> separated by a chroot or a virtual machine or a whole physical machine.
OK
>
> Use software versioning software
> Make Backups
> Be prepared to recreate your development environment.
OK
>
> Even if you easily can recreate the development environment, maybe diagnosis
> plus recreation takes still more work than not building as root in the first time.
This is the basic argument.
I encourage not building as root since it is better to be safe and 
steady than fast and reckless.

>
> Anyways, looking at the Subject of this thread I have no clue what you are after.
> Even root can not do kernel level operations. Only the kernel can do that, can't it?

There are patches for the kernel to allow user-land almost direct access 
to the kernel resources.
In the above case it is better to understand first that there is a 
possibility in this level.
The kernel can be patched to send data into user-land software.
I do remember that it was done for iptables extensions.

I am sure it is not recommended and it is not the best way to operate a 
system at all.

Eliezer

> -- Markus



