Re: Difference between unconfined and unconfineduser modules

On 01/15/2013 03:57 PM, Anamitra Dutta Majumdar (anmajumd) wrote:
> 
>> Hi Dan/Dominick,
> 
> What is the major difference between unconfined and unconfineduser policy 
> modules in RHEL6? And if we wanted to remove the unconfined domains, would
> it be enough to just remove the module Unconfined?
> 
> Thanks, Anamitra
> 
> -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx 
> https://admin.fedoraproject.org/mailman/listinfo/selinux
> 
> 
http://danwalsh.livejournal.com/42394.html

unconfineduser basically controls unconfined_t, while unconfined allows
domains like initrc_t and friends to be unconfined.

I disable unconfined but leave unconfineduser, since I believe the sysadmin_t
is not that valuable from a security point of view.

I log in as staff_t and transition to unconfined_t when I run sudo.


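A check for the module layout described in the reply above (unconfined disabled or removed, unconfineduser left enabled), added here as an example and not part of the original message. It assumes the RHEL 6 era `semodule -l` listing format of name, version and an optional `Disabled` marker; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumed listing format (RHEL 6 era `semodule -l`):
#   name<TAB>version[<TAB>Disabled]

# Constructed sample listing; the version numbers are made up.
sample_listing() {
    printf 'abrt\t1.2.0\t\n'
    printf 'unconfined\t3.1.1\tDisabled\n'
    printf 'unconfineduser\t1.0.0\t\n'
}

# module_state NAME: read a listing on stdin, print enabled|disabled|absent.
# The name is compared exactly, so "unconfined" never matches the
# "unconfineduser" line the way a plain grep would.
module_state() {
    awk -v m="$1" '
        $1 == m { found = 1; state = ($NF == "Disabled") ? "disabled" : "enabled" }
        END     { print (found ? state : "absent") }'
}

# check_layout: read a listing on stdin and succeed only when unconfined is
# disabled or removed while unconfineduser is still enabled.
check_layout() {
    listing=$(cat)
    u=$(printf '%s\n' "$listing" | module_state unconfined)
    uu=$(printf '%s\n' "$listing" | module_state unconfineduser)
    echo "unconfined=$u unconfineduser=$uu"
    [ "$u" != "enabled" ] && [ "$uu" = "enabled" ]
}

# Demo on the constructed sample; on a real host: semodule -l | check_layout
if sample_listing | check_layout; then
    echo "layout matches the reply"
else
    echo "layout differs from the reply"
fi
```
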