On Thu, Jan 29, 2009 at 13:26:24 -0600,
  Jeff Barnes <hybridjeffbarnes@xxxxxxxxxxxxx> wrote:
> Are there commands with this functionality in Fedora?
> If not what would it take to make them happen in general?
> Reasons would be ease of security application and another reason is
> that Enterprise has restrictions on altering SElinux policies
> which affect warranty. If this functionality were a logic binary AND
> with SELinux then we would not ever need to change default SElinux
> policies.

iptables has an extension that allows you to filter on uids or gids.
For processes or files I think you want to use selinux.

> ________________________________________________________________
> /sbin/PORTS_ALLOW_FOR_USER username list of ports
> /sbin/PORTS_DENY_FOR_USER username list of ports
> /sbin/LIST_ALLOWED_PORTS_FOR_USER username
>
> /sbin/PORTS_ALLOW_FOR_FILE filename list of ports
> /sbin/PORTS_DENY_FOR_FILE filename list of ports
> /sbin/LIST_ALLOWED_PORTS_FOR_FILE filename
>
> /sbin/PORTS_ALLOW_FOR_PROCESS processID list of ports
> /sbin/PORTS_DENY_FOR_PROCESS processID list of ports
> /sbin/LIST_ALLOWED_PORTS_FOR_PROCESS processID
> ___________________________________________________________________________
> /sbin/PRIVILEGES_ALLOW_FOR_USER username list_of_privileges_or_levels
> /sbin/PRIVILEGES_DENY_FOR_USER username list_of_privileges_or_levels
> /sbin/LIST_ALLOWED_PRIVS_FOR_USER username list_of_privileges_or_levels
>
> /sbin/PRIVILEGES_ALLOW_FOR_FILE filename list_of_privileges
> /sbin/PRIVILEGES_DENY_FOR_FILE filename list_or_privileges
> /sbin/LIST_ALLOWED_PRIVILIGES_FOR_FILE filename
>
> /sbin/PRIVILEGES_ALLOW_FOR_PROCESS processnameID list_of_privileges
> /sbin/PRIVILEGES_DENY_FOR_PROCESS processnameID list_of_privileges
> /sbin/LIST_ALLOWED_PRIVILEGES_FOR_PROCESS processID
> _____________________________________________________________________________

--
Fedora-security-list mailing list
Fedora-security-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-security-list
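
The per-user port commands proposed in the thread can be approximated with the iptables owner match mentioned in the reply. The sketch below is an added example, not part of the original message or any Fedora tool: the function names are hypothetical, uid 1000 is a constructed sample, and the functions only print the rules so they can be reviewed before anything is loaded.

```shell
#!/bin/sh
# Added example: print (not apply) iptables owner-match rules for one user.
# Function names are hypothetical, modelled on the commands proposed in the thread.

# Accept only a comma-separated list of 1-15 ports (the multiport limit), each 1-65535.
valid_ports() {
    case $1 in ''|*[!0-9,]*|,*|*,|*,,*) return 1 ;; esac
    count=0
    old_ifs=$IFS; IFS=,
    for p in $1; do
        count=$((count + 1))
        # Reject leading zeros and anything too long to be a port number.
        case $p in 0*|??????*) IFS=$old_ifs; return 1 ;; esac
        if [ "$p" -gt 65535 ]; then IFS=$old_ifs; return 1; fi
    done
    IFS=$old_ifs
    [ "$count" -le 15 ]
}

# Resolve a username (or numeric uid) to a uid; fail on unknown users.
resolve_uid() {
    case $1 in
        ''|-*) return 1 ;;
        *[!0-9]*) id -u "$1" 2>/dev/null ;;
        *) echo "$1" ;;
    esac
}

# emit_rules ACCEPT|REJECT user ports: one rule per address family and protocol.
# The owner match only sees locally generated packets, so rules go in OUTPUT.
emit_rules() {
    uid=$(resolve_uid "$2") || { echo "unknown user: $2" >&2; return 1; }
    valid_ports "$3" || { echo "bad port list: $3" >&2; return 1; }
    for cmd in iptables ip6tables; do
        for proto in tcp udp; do
            echo "$cmd -A OUTPUT -m owner --uid-owner $uid -p $proto -m multiport --dports $3 -j $1"
        done
    done
}

ports_deny_for_user() { emit_rules REJECT "$1" "$2"; }

# Allow-list: accept the listed ports, then reject everything else the user sends.
ports_allow_for_user() {
    emit_rules ACCEPT "$1" "$2" || return 1
    for cmd in iptables ip6tables; do
        echo "$cmd -A OUTPUT -m owner --uid-owner $uid -j REJECT"
    done
}
```

Rules are emitted for both iptables and ip6tables because a filter loaded for IPv4 alone leaves the same ports reachable over IPv6.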