Hello again, If all my SSH users are "guest_u" users (guest_t domain) and there won't be any admin connecting to the machine...wouldn't it be great to remove the capability sshd_t has in transitioning into unconfined_t? ...by means of a boolean? Thanks, Jorge