Fedora Core 7 Policy examples to trim root users rights

Markus Rudel cent.urio at gmx.net
Sat Nov 10 20:21:26 UTC 2007


Hello everybody,

I'm currently looking into SELinux on Fedora Core 7. Right now, I've  
read "SELinux by Example" as well as several other documents on the  
net. But no document covers Fedora 7.

Is there documentation especially made for Fedora 7?

My main goals in using SELinux are:

Trim root user rights:
root and normal users shouldn't be able to access other users' files.
There should be one separate user besides root, who can control and
grant access to SELinux rights. The examples from "SELinux by
Example" (page 309 to 311) don't work for me. The newrole command to
switch to user admin doesn't work.

Limiting access to insmod, lsmod etc. to avoid loading further kernel  
modules (I know, the same effect could be accomplished by using a  
static kernel, but I'm interested in limiting access to kernel modules  
while using a modular kernel).

Limiting access to /dev/kmem to avoid reading memory.


Maybe someone can help me with some example policies. I'm not so much
interested in restraining processes; right now, my only concern and
idea is to limit access to files and folders. This is because almost
everything under Linux works with files. So the idea is to control
access on just a few files. This would be very helpful for me.

Right now, I'm smacking my head on the table. After installing and  
trying strict, refpolicy and mls policy, I'm stuck.


Thanks for your help
Markus




More information about the fedora-selinux-list mailing list