Hi All-
Wonderful information and good thread. Thanks! We have a piece of vendor code that is replicating several fiber attached LUNs. We believe the software has a mis-configuration causing /dev/sda vs /dev/sdaa (one of the many LUNs) to have its MBR zeroed.
SELinux seems like an appropriate tool to at least monitor access if not allow full blocking.
Write protection is not an option as it's a PERC controller and /dev/sda is the boot mirror (unless there are known alternatives)?
Thanks again all,
George
On Tue, Sep 6, 2011 at 10:06 AM, Mr Dash Four <mr.dash.four@xxxxxxxxxxxxxx> wrote:
> Now if you have a app/admin user process that needs to have full
> access to the system but want to make sure he does not modify the MBR
> you will have a difficult time writing policy for this.
>
Not to mention that there are some tools - parted being one - which need
access (rw) to that sector of the hdd, regardless of who runs these tools.
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux