Policies for Devices?
Daniel J Walsh
dwalsh at redhat.com
Sat Apr 11 11:03:33 UTC 2009
On 04/10/2009 11:50 PM, Robert Mykland wrote:
> Folks,
>
> Is there a way I can use policies to prevent a specific device, say a
> USB key, from being written to except by one specific application? If
> so, how would I go about writing that?
>
> Thanks in Advance,
>
> -- Robert.
>
If you define a new device_type and assign it to the device, then you
can prevent all confined domains from using the type. Obviously
unconfined domains and domains that need to work with all devices will
still be able to access the device.
More information about the fedora-selinux-list
mailing list