Need help restricting root access to a file or directory.

Hello all,

Let me start by saying I'm new to SELinux and writing policies. Let me explain what I'm trying to do.

I've set up 2 copies of /bin/bash for user1 and user2:

-rwxr-xr-x 1 root root 801512 Oct 21  2008 /bin/bash
-r-sr-s---+ 1 root root 801512 Oct 21  2008 /bin/bash1
-r-sr-s---+ 1 root root 801512 Oct 21  2008 /bin/bash2

Both bash1 and bash2 have ACLs to restrict their access:

# file: bin/bash1
# owner: root
# group: root
user::r-x
group::r-x
group:user1:r-x
mask::r-x
other::---

# file: bin/bash2
# owner: root
# group: root
user::r-x
group::r-x
group:user2:r-x
mask::r-x
other::---

Now what I was hoping to do was to use SELinux to limit which files and folders user1 and user2 could read, write, execute and delete. In this example I'd like to write a simple policy that would limit read access to user1 on folder /mydir/test but user2 could read and write to any files in the folder.

My ultimate goal is to use SELinux for doing RBAC (role-based access control). I'm using this example as an easy starting point for me to learn how to use SELinux to control user access when those users have root access.

Thank you.
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
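An added example, not from the original post or from any reply on the list: one way to express the two access levels asked for above is a reference-policy module that confines each Linux account in its own SELinux domain, so that SELinux has distinct subjects to write rules against (the two setuid-root bash copies alone give it none, since both end up running as root). The type mydir_test_t, the domain prefixes user1dom/user2dom, the companion .fc file and the build/mapping commands are all assumptions; it is written for a Fedora targeted policy with the refpolicy development headers installed.

```selinux
# mydir_test.te  (added example, not from the mailing-list post)
# Assumes Fedora targeted policy with refpolicy macros available.
policy_module(mydir_test, 1.0)

# One label for everything under /mydir/test (paired with mydir_test.fc below).
type mydir_test_t;
files_type(mydir_test_t)

# Two unprivileged user domains, created by the refpolicy template:
#   user1dom_t / user1dom_r  and  user2dom_t / user2dom_r
userdom_unpriv_user_template(user1dom)
userdom_unpriv_user_template(user2dom)

# user1: read-only. May list the directory and read files in it, nothing else
# (no write, create, rename or unlink permissions are granted).
allow user1dom_t mydir_test_t:dir list_dir_perms;
allow user1dom_t mydir_test_t:file read_file_perms;

# user2: full read/write, including creating and deleting files and
# subdirectories under /mydir/test.
manage_dirs_pattern(user2dom_t, mydir_test_t, mydir_test_t)
manage_files_pattern(user2dom_t, mydir_test_t, mydir_test_t)

# Assumption: /mydir itself carries a label both domains are already allowed
# to search (relabel it, or extend the .fc, if it does not).

# mydir_test.fc (companion file, assumed):
#   /mydir/test(/.*)?    gen_context(system_u:object_r:mydir_test_t,s0)

# Build, install, label the directory and map the accounts (run as root):
#   make -f /usr/share/selinux/devel/Makefile mydir_test.pp
#   semodule -i mydir_test.pp
#   restorecon -Rv /mydir/test
#   semanage user -a -R user1dom_r user1dom_u
#   semanage user -a -R user2dom_r user2dom_u
#   semanage login -a -s user1dom_u user1
#   semanage login -a -s user2dom_u user2
# Verify with: id -Z (as each user), then ls -Z /mydir/test and a write attempt
# as user1, which should be denied and logged in /var/log/audit/audit.log.
```

With the accounts mapped this way the rules apply regardless of Unix UID, so the setuid-root bash copies and their ACLs are no longer needed to separate the two users.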
