Confining Applications running as root user

Anamitra Dutta Majumdar (anmajumd) anmajumd at
Tue Aug 11 22:54:34 UTC 2009


We are trying to migrate our existing security policies to SELinux. We
are new to SELinux and hence are finding it difficult to map our
existing policies.

In our existing policy, all applications (including ones running as root
user) with the exception of insmod and modprobe, are denied access to
/lib directory. How would we go about writing such a policy without
actually confining every application manually, since that would indeed
be cumbersome?

Anamitra & Radha.

More information about the fedora-selinux-list mailing list