On 05/01/14 19:32, Markus Falb wrote:
>> > Would selinux help in this specific case?
> Please remember that my example was not about removing /dev/*
> but about removing /* , so why just not building as root?

Well, I am building as root when I understand it is safe to do so.

> >> > usually I remember that chroot should help to prevent an issue with it.
> >
> Hm, where to draw the line between prevention and mitigation? Anyways,
> do not build on the target machine, e.g. your production server.

OK.

> It does not really matter in many cases if your development environment is
> separated by a chroot or a virtual machine or a whole physical machine.

OK

>
> Use software versioning software
> Make Backups
> Be prepared to recreate your development environment.

OK

>
> Even if you easily can recreate the development environment, maybe diagnosis
> plus recreation takes still more work than not building as root in the first time.

This is the basic argument.
I encourage to not build as root since it is better to be safe and steady than fast and reckless.

>
> Anyways, looking at the Subject of this thread I have no clue what you are after.
> Even root can not do kernel level operations. Only the kernel can do that, can't it?

There are patches for the kernel to allow user-land almost direct access to the kernel resources.
In the above case it is better to understand first that there is a possibility at this level.
The kernel can be patched to send into the/a user-land software data.
I do remember that it was done for iptables extensions.
I am sure it is not recommended and it is not the best way to operate a system at all.

Eliezer

> --
> Markus