"Martin Cooper" <mjc @
>I thought Rick had posted to the list saying that having no root
>entry for uid 0 would cause problems with booting into single
>user mode, but perhaps it was someone else.
The explanation took a wrong turn, then. Yes, there is an entry for
UID 0 and a user called "root." It's just that the behavior of this
"root" user is still constrained by Type Enforcement rules. In
particular, nobody, not even root, can install executables or change
Type Enforcement rules when the system is in normal operation.
We designed the system so we could easily port network server software
and run it securely. That requires an execution context that pretty
much looks and acts like root (UID 0, etc), while being constrained by
enforcing "least privilege" on its behavior.