Hi Daniel! I agree that the targeted policy is not the way to go, just had to figure it out ;-) I am trying to control access to a directory, so that a single program is the single point of entry to the directory. Thank you for your answer, Soren On 8/22/05, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote: > Søren Nøhr Christensen wrote: > > >Hi all! > > > >Would it be possible to deny all but one subject access to a certain > >directory? > > > Yes. > > >And can this be done using the targeted policy as a base? > > > > > You would have to modify unconfined_domain to remove access to this > directory. > Not sure if you want to though. What exactly are you trying to > protect? In targeted > policy, if a user can become root as unconfined_t, they can gain access > to this directory, > either by turning off selinux or by modifying policy. > > >I hope for some answers, possibly containing examples. > > > > > >Best regards, > > > > > >Soren Nohr Christensen > > > >-- > >fedora-selinux-list mailing list > >fedora-selinux-list@xxxxxxxxxx > >http://www.redhat.com/mailman/listinfo/fedora-selinux-list > > > > > > > -- > > > -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list
