Is it possible? I'm curious if you can restrict root from accessing a given directory and limit it to a specific domain. Maybe this isn't how targeted policy was designed, and the strict policy is needed. But I was curious, and couldn't figure out a good way to do it.
On 02/21/2011 11:28 AM, Matthew Davis wrote:
> Is it possible? I'm curious if you can restrict root from accessing a given directory and limit it to a specific domain. Maybe this isn't how targeted policy was designed, and the strict policy is needed. But I was curious, and couldn't figure out a good way to do it.
If you want to write policy for a confined administrator, it is better to start with what you want to allow rather than what you want to deny.
In RHEL6 Targeted Policy I can build a policy for a user process running as root to have access to only limited directories. In RHEL5 you would need to do this with strict policy.
On Mon, Feb 21, 2011 at 11:32 AM, Daniel J Walsh <dwalsh@redhat.com> wrote:
> In RHEL6 Targeted Policy I can build a policy for a user process running as root to have access to only limited directories. In RHEL5 you would need to do this with strict policy.
That answers my question. Unfortunately, I am confined to RHEL5 atm.
Thank you.