On 05/01/14 19:32, Markus Falb wrote:
Would SELinux help in this specific case?
Please remember that my example was not about removing /dev/* but about removing /*, so why just not building as root?
Well I am building as root when I understand it is safe to do so.
Usually I remember that chroot should help to prevent an issue with it.
Hm, where to draw the line between prevention and mitigation? Anyways, do not build on the target machine, e.g. your production server.
OK.
It does not really matter in many cases if your development environment is separated by a chroot or a virtual machine or a whole physical machine.
OK
Use software versioning software
Make Backups
Be prepared to recreate your development environment.
OK
Even if you can easily recreate the development environment, maybe diagnosis plus recreation still takes more work than not building as root in the first place.
This is the basic argument. I encourage not building as root, since it is better to be safe and steady than fast and reckless.
Anyways, looking at the Subject of this thread I have no clue what you are after. Even root can not do kernel level operations. Only the kernel can do that, can't it?
There are patches for the kernel to allow user-land almost direct access to the kernel resources. In the above case it is better to understand first that there is a possibility in this level. The kernel can be patched to send into the\an user-land software data. I do remember that it was done for iptables extensions.
I am sure it is not recommended and it is not the best way to operate a system at all.
Eliezer
-- Markus