
This group should be used instead of approaches such as putting nonroot users into the sudoers(5) file.

1 Users may not access files and subdirectories inside any /proc/[pid] directories but their own (the /proc/[pid] directories themselves remain visible).

Sensitive files such as /proc/[pid]/cmdline and /proc/[pid]/status are now protected against other users.

In SELinux, this attribute is reset on execve(2), so that the new program reverts to the default behavior for any file creation calls it may make, but the attribute will persist across multiple file creation calls within a program unless it is explicitly reset.

In SELinux, a process can set only its own /proc/[pid]/attr/fscreate attribute.

This means that /proc/[pid] entries can no longer be used to discover the PIDs on the system.

This doesn't hide the fact that a process with a specific PID value exists (it can be learned by other means, for example, by "kill -0 $PID"), but it hides a process's UID and GID, which could otherwise be learned by employing stat(2) on a /proc/[pid] directory.

The argument, n, is one of the following values: 0 Everybody may access all /proc/[pid] directories.

This is the traditional behavior, and the default if this mount option is not specified.

These files are normally owned by the effective user and effective group ID of the process.

However, as a security measure, the ownership is made root:root if the process's "dumpable" attribute is set to a value other than 1.

Resetting the "dumpable" attribute to 1 reverts the ownership of the /proc/[pid]/* files to the process's real UID and real GID.
