I'm getting started with selinux on FC 4. I'm using the strict policy, but I'd like to restrict it further so that users can only execute a handful of commands. I've tried replacing full_user_role(user_t) with limit_user role, but the drew assertion errors when trying to load the policy, and I tried removing restricting the can_exec in both full and limited_user_role macros in macros/user_macros.te, but (at least from looking at audit to allow) none of this seems to be getting me where I want to be. What is the beast way to remove all access from user_t so that I can add in the commands I want them to be able to run ? Thanks, Todd -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list
