default deny for unconfined_t using targeted?

Can anyone tell me if there is a way to use SELinux under the targeted
policy to enforce a default deny rule that prevents all processes from
accessing the network?  That is to say, all types including unconfined_t may
not access eth0, with just a few excepted types that are allowed to network?
I'm trying to lock down a system from the inside without having to deal with
the strict policy.

Thanks,

Stephen Brueckner, ATC-NY

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
