Re: Best base policy to use

On Tue, 2011-07-05 at 17:11 -0500, Jeremiah Jahn wrote:
> So I'm in the process of Upgrading my servers from RHEL5 to RHEL6. On my
> RHEL5 system I had to build the reference policy from scratch in order to
> prevent users from being able to transition to init_t through initrc_t.
> Basically, I want systems that have to be rebooted in order to restart
> certain services, like auditd, or at least be able to split those duties
> into different roles. One role can edit a file or install something, but a
> different role must restart it. Because life, the universe and everything
> goes through initrc_t, just about anything on the system running as root can
> mess with services. I'd like to highly limit things, and haven't really
> looked at any new developments in selinux for about 4 years. What's the best
> way/place to start removing domain transitions and requiring additional
> roles?

The main difference between el5 and el6 policy is that el6 policy is a
hybrid of the old targeted and strict policy (strict policy was
merged into targeted policy).

You can now tune your policy to make it behave like the old strict
policy by removing or disabling the unconfined and unconfineduser
modules.

In Red Hat policy only unconfined_t can transition directly to initrc_t.
Sysadm_t needs to use run_init to transition to initrc_t in the system_r
role.

el6 policy allows you to easily create new roles.

So what you could do, in my view, is disable or remove both the unconfined
and unconfineduser modules and then create your own roles, SELinux user
identities and logins.

In that regard el6 policy has pretty much the same properties as current
reference policy.

> thanks,
> -jj-
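
The steps the reply describes (disable the unconfined modules, define a confined SELinux user identity over existing roles, map a Linux login to it, and restart services through run_init so the transition to initrc_t happens in system_r) as one added example; this is not code from the list thread or from the Red Hat policy. It assumes RHEL6 policycoreutils (semodule, semanage, run_init) and an initscript under /etc/init.d. The SELinux user name myadmin_u and the login alice are constructed placeholders. Defining a brand new role (rather than reusing staff_r/sysadm_r) needs a policy module and is not shown here. DRY_RUN=1, the default, prints each command instead of executing it so the sequence can be reviewed before it is applied on a real host.

```shell
#!/bin/sh
# Added example (not from the original thread): confine administrators on an
# el6 box by disabling the unconfined modules and mapping logins to a
# confined SELinux user. Assumes RHEL6 policycoreutils; myadmin_u and alice
# are constructed placeholder names.
# DRY_RUN=1 (default) echoes the commands; DRY_RUN=0 runs them (needs root).
DRY_RUN="${DRY_RUN:-1}"

# MLS/MCS range used for both the SELinux user and the login mapping.
MCS_RANGE="s0-s0:c0.c1023"

run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Step 1: turn the hybrid el6 policy into strict-like behaviour by disabling
# the modules that define unconfined_t and the unconfined user.
# (semodule -r would remove them instead of disabling.)
disable_unconfined() {
    run semodule -d unconfined
    run semodule -d unconfineduser
}

# Step 2: create a confined SELinux user identity. It is given the existing
# staff_r and sysadm_r roles; system_r is included because run_init moves the
# caller into that role when it starts initrc_t.
add_admin_seuser() {
    seuser="$1"
    run semanage user -a -R "staff_r sysadm_r system_r" -r "$MCS_RANGE" "$seuser"
}

# Step 3: map a Linux login to that SELinux user so the admin never logs in
# as unconfined_u.
map_login() {
    login="$1"
    seuser="$2"
    run semanage login -a -s "$seuser" -r "$MCS_RANGE" "$login"
}

# Service restarts from sysadm_t go through run_init, which is the only
# sanctioned path into initrc_t once unconfined_t is gone.
restart_service() {
    run run_init "/etc/init.d/$1" restart
}

# Show which modules are currently loaded/disabled, for verification.
list_modules() {
    run semodule -l
}

# Full sequence for the placeholder admin.
main() {
    disable_unconfined
    add_admin_seuser myadmin_u
    map_login alice myadmin_u
    restart_service auditd
    list_modules
}

# Only run the sequence when executed directly, not when sourced.
case "$0" in
    *confine-admins*|*.sh) main ;;
esac
```

Run it once with the default DRY_RUN=1 to review the exact semodule/semanage/run_init invocations, then with DRY_RUN=0 as root. After step 1, a login that is still mapped to unconfined_u will fail to get a context, so map the administrative logins before logging out of the session that made the change.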
