Søren Nøhr Christensen wrote:
Hi all!
Would it be possible to deny all but one subject access to a certain
directory?
Yes.
And can this be done using the targeted policy as a base?
You would have to modify unconfined_domain to remove access to this
directory.
Not sure if you want to though. What exactly are you trying to
protect? In targeted
policy, if a user can become root as unconfined_t, they can gain access
to this directory,
either by turning off selinux or by modifying policy.
I hope for some answers, possibly containing examples.
Best regards,
Soren Nohr Christensen
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
--
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
