Hi All, I have Linux 2.6.27 on a non-popular Linux distro, and I have the following SELinux package versions : > checkpolicy-2.0.19 > libselinux-2.0.85 > libsemanage-2.0.33 > libsepol-2.0.37 > policycoreutils-2.0.69 > sepolgen-1.0.17 I know SELinux's is governing framework is that by default everything is DENIED, except all accesses that are explicitly allowed in the policy... Is there anyway whatsoever to reverse that philosophy ? In other words, is it possible to configure things and write policy in a way such that: Only explicit things are disallowed... So whenever no explicit policy exists for an access request it is actually ALLOWED. This way, if I write a new task or process, I don't have to write new policy for it to allow all the things it needs. By default things will just be allowed, unless some of those accesses have been explicitly disallowed in policy ? My guess is that this CANT be done... But thought I would ask anyway ? Also can SELinux mappings be created for a Unix Group, as opposed to mapping to individual Linux Users ? Thanks. -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
