On 02/21/2011 11:28 AM, Matthew Davis wrote:
> Is it possible? I'm curious if you can restrict root from accessing a
> given directory and limit it to a specific domain. Maybe this isn't
> how targeted policy was designed, and the strict policy is needed. But
> I was curious, and couldn't figure out a good way to do it.
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux

If you want to write policy for a confined administrator, it is better to start with what you want to allow rather than what you want to deny.

In RHEL6 Targeted Policy I can build a policy for a user process running as root to have access to only limited directories. In RHEL5 you would need to do this with strict policy.