Questions on the targeted policy
Daniel J Walsh
dwalsh at redhat.com
Mon Aug 22 14:46:50 UTC 2005
Søren Nøhr Christensen wrote:
>Hi all!
>
>Would it be possible to deny all but one subject access to a certain
>directory?
>
Yes.
>And can this be done using the targeted policy as a base?
>
>
You would have to modify unconfined_domain to remove access to this
directory.
Not sure if you want to though. What exactly are you trying to
protect? In targeted
policy, if a user can become root as unconfined_t, they can gain access
to this directory,
either by turning off selinux or by modifying policy.
>I hope for some answers, possibly containing examples.
>
>
>Best regards,
>
>
>Soren Nohr Christensen
>
>--
>fedora-selinux-list mailing list
>fedora-selinux-list at redhat.com
>http://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
>
--
More information about the fedora-selinux-list
mailing list