> From: selinux-bounces@xxxxxxxxxxxxxxxxxxxxxxx [mailto:selinux- > bounces@xxxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Alain Williams > > This is what my workaround is. However: I would like to work out how to do > it directly > by writing selinux rules/... - the purpose is as much to teach me how to do > things > with selinux as to achive the end result. > > So: back to my original question .... I'm not completely sure I understand your question - selinux is an additional layer of security, above and beyond the usual posix permission bits and so forth that you normally have. AFAIK, all selinux can do is to block some things from happening which would have otherwise been permitted by your non-selinux environment. That being said ... What is it that you wish to block? With the answer to this question, you can start figuring out what policy you wish to employ. -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux