Questions on the targeted policy
Søren Nøhr Christensen
sonoch at gmail.com
Tue Aug 23 01:26:35 UTC 2005
Hi Daniel!
I agree that the targeted policy is not the way to go, just had to
figure it out ;-)
I am trying to control access to a directory, so that a single program
is the single point of entry to the directory.
Thank you for your answer,
Soren
On 8/22/05, Daniel J Walsh <dwalsh at redhat.com> wrote:
> Søren Nøhr Christensen wrote:
>
> >Hi all!
> >
> >Would it be possible to deny all but one subject access to a certain
> >directory?
> >
> Yes.
>
> >And can this be done using the targeted policy as a base?
> >
> >
> You would have to modify unconfined_domain to remove access to this
> directory.
> Not sure if you want to though. What exactly are you trying to
> protect? In targeted
> policy, if a user can become root as unconfined_t, they can gain access
> to this directory,
> either by turning off selinux or by modifying policy.
>
> >I hope for some answers, possibly containing examples.
> >
> >
> >Best regards,
> >
> >
> >Soren Nohr Christensen
> >
> >--
> >fedora-selinux-list mailing list
> >fedora-selinux-list at redhat.com
> >http://www.redhat.com/mailman/listinfo/fedora-selinux-list
> >
> >
>
>
> --
>
>
>
More information about the fedora-selinux-list
mailing list