>>>>> "DJW" == Daniel J Walsh <dwalsh@xxxxxxxxxx> writes: DJW> We could do something like this with attributes. I wonder if this would help my situation with denyhosts. The problem with denyhosts is that it needs to write to /etc/hosts.deny, which means that from the standpoint of selinux it needs to write to etc_t, which means it gets to write to /etc/passwd as well. I've not bothered to even attempt to write a policy for denyhosts given that it would be mostly pointless if it would still get to trash /etc. - J< -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
