Hello list,
I've written my first SELinux policy, and was wondering if this was the right place to ask for feedback for newly written policy. Apologies in advance if it isn't.
The policy can be viewed here:
The goal of the policy is to confine a service into a domain, and lock it down as much as possible.
What I appear to have accomplished thus far is that only the sysadm_t type is allowed to transition into the domain via an executable, and only via that transition can the service access it's files.
If anyone spots something that looks off, please feel free to get in touch.
Regards,
Mark Steele
CISSP, GPEN, GCIA, CSM
LinkedIn: https://ca.linkedin.com/in/markrsteele
Github: https://github.com/marksteele
Personal: http://www.control-alt-del.org
_______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
