Agreed. The group who blesses systems in my environment recommended that we look into the use of MAC to guarantee separation.
On Mon, Aug 25, 2014 at 10:33 AM, m.roth@5-cent.us wrote:
David Compton wrote:
I am considering using SELinux to secure the file system of a server that will be used as a multiple category file store. The individual
categories
cannot have the ability to access data in a directory of a different category. Users for each category will need to access the server via samba and NFS. Additional user interfaces my become necessary in the future (http(s), (s)ftp, etc).
I am new to writing SELinux policies and was hoping that someone could point me in the direction of a template for a similar design that I could use as a base.
I suppose, though regular *Nix groups would seem to work just as well, along with the samba configuration.
mark
selinux@lists.fedoraproject.org