This repository has been archived by the owner on Sep 18, 2019. It is now read-only.
Transition to a different context when execusting binaries #4
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
When executing binaries like /usr/bin/pki we should transition to adifferent dopmain so rules like allow execmem are only given to the specific bianry and not necesary for the whole custodia process. In general this wil allow to restrict what can access ther nss databases too.
The text was updated successfully, but these errors were encountered: