default deny for unconfined_t using targeted?
Steve Brueckner
steve at atc-nycorp.com
Thu Nov 17 23:32:11 UTC 2005
Can anyone tell me if there is a way to use SELinux under the targeted
policy to enforce a default deny rule that prevents all processes from
accessing the network? That is to say, all types including unconfined_t may
not access eth0, with just a few excepted types that are allowed to network?
I'm trying to lock down a system from the inside without having to deal with
the strict policy.
Thanks,
Stephen Brueckner, ATC-NY