-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 12/23/2010 02:00 PM, Jorge Fábregas wrote: > Hello again, > > If all my SSH users are "guest_u" users (guest_t domain) and there won't be > any admin connecting to the machine...wouldn't it be great to remove the > capability sshd_t has in transitioning into unconfined_t? ...by means of a > boolean? > > Thanks, > Jorge > -- > selinux mailing list > selinux@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/selinux > > Theoretically we have this. unconfined_login -> on Allow a user to login as an unconfined domain (Not sure it works. Well one thing you could try is to disable the unconfineduser policy package, This would eliminate the unconfined_t from your system altogether. Then you would have to setup the admin (root) to log in as sysadm_t. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk0TnlcACgkQrlYvE4MpobPcQgCfeW2dxmylBNsZKIaQnfsDXnln r3cAnApl2p6iD2b5VpNOuTf353YARLqx =dzdw -----END PGP SIGNATURE----- -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
