[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Questions on the targeted policy



Søren Nøhr Christensen wrote:

Hi all!

Would it be possible to deny all but one subject access to a certain
directory?


Yes.

And can this be done using the targeted policy as a base?


You would have to modify unconfined_domain to remove access to this directory.
Not sure if you want to though. What exactly are you trying to protect? In targeted
policy, if a user can become root as unconfined_t, they can gain access to this directory,
either by turning off selinux or by modifying policy.


I hope for some answers, possibly containing examples.


Best regards,


Soren Nohr Christensen

--
fedora-selinux-list mailing list
fedora-selinux-list redhat com
http://www.redhat.com/mailman/listinfo/fedora-selinux-list




--



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]