Comment by belorn
6 hours ago
There is always SELinux if we want to add protection against arbitrary code running as root. Just because something operates as root does not mean it must have privileged access to everything.
6 hours ago
Ouch! SELinux sorta works for the software which is packed in with the operating system, which you may or may not care about. If you want to get that software to do something different, or have software that you really care about (like the application server that your web site runs on) controlled by SELinux, it is difficult enough that the usual answer is "disable SELinux" or "don't apply it".