On (26/08/16 15:42), Lukas Slebodnik wrote:
>On (26/08/16 15:18), Jakub Hrozek wrote:
>>On Fri, Aug 26, 2016 at 03:17:07PM +0200, Jakub Hrozek wrote:
>>> On Fri, Aug 26, 2016 at 10:23:59AM +0200, Jakub Hrozek wrote:
>>> > On Fri, Aug 19, 2016 at 12:30:40PM +0200, Lukas Slebodnik wrote:
>>> > > ehlo
On (26/08/16 15:18), Jakub Hrozek wrote:
>On Fri, Aug 26, 2016 at 03:17:07PM +0200, Jakub Hrozek wrote:
>> On Fri, Aug 26, 2016 at 10:23:59AM +0200, Jakub Hrozek wrote:
>> > On Fri, Aug 19, 2016 at 12:30:40PM +0200, Lukas Slebodnik wrote:
>> > > ehlo,
>> > >
>> > > Root can read anything from any
On Fri, Aug 26, 2016 at 03:17:07PM +0200, Jakub Hrozek wrote:
> On Fri, Aug 26, 2016 at 10:23:59AM +0200, Jakub Hrozek wrote:
> > On Fri, Aug 19, 2016 at 12:30:40PM +0200, Lukas Slebodnik wrote:
> > > ehlo,
> > >
> > > Root can read anything from any directory even with permissions 000.
> > >
> >
On Fri, Aug 26, 2016 at 10:23:59AM +0200, Jakub Hrozek wrote:
> On Fri, Aug 19, 2016 at 12:30:40PM +0200, Lukas Slebodnik wrote:
> > ehlo,
> >
> > Root can read anything from any directory even with permissions 000.
> >
> > However SELinux checks discretionary access control (DAC)
> > and deny ac
On Fri, Aug 19, 2016 at 12:30:40PM +0200, Lukas Slebodnik wrote:
> ehlo,
>
> Root can read anything from any directory even with permissions 000.
>
> However SELinux checks discretionary access control (DAC)
> and deny access if access is not allowed for root by DAC.
> The pam_sss use different u
