> Now if you have a app/admin user process that needs to have full > access to the system but want to make sure he does not modify the MBR > you will have a difficult time writing policy for this. > Not to mention that there are some tools - parted being one - which need access (rw) to that sector of the hdd, regardless of who runs these tools. -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
