-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 01/15/2013 03:57 PM, Anamitra Dutta Majumdar (anmajumd) wrote: > >> Hi Dan/Dominick, > > What is the major difference between unconfined and unconfineduser policy > modules in RHEL6. And if we wanted to remove the unconfined domains would > it be enough to just remove the module Unconfined. > > Thanks, Anamitra > > -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/selinux > > http://danwalsh.livejournal.com/42394.html unconfineduser basically controlls unconfined_t while unconfined, allows domains like initrc_t and friends to be unconfined. I disable unconfined but leave unconfineduser, since I believe the sysadmin_t is not that valuable from a security point of view. I login as staff_t and transition to unconfined_t when I run sudo. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlD1xEAACgkQrlYvE4MpobORtwCg0UTxe7r6uwibMrrPkoLRMPHA XEAAoOE/GLkU0En6NpvkXK4hzdD6uf3+ =ourL -----END PGP SIGNATURE----- -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
