From: selinux-bounces(a)lists.fedoraproject.org [mailto:selinux-
bounces(a)lists.fedoraproject.org] On Behalf Of Alain Williams
This is what my workaround is. However: I would like to work out how to do
it directly
by writing selinux rules/... - the purpose is as much to teach me how to do
things
with selinux as to achive the end result.
So: back to my original question ....
I'm not completely sure I understand your question -
selinux is an additional layer of security, above and beyond the usual posix permission
bits and so forth that you normally have.
AFAIK, all selinux can do is to block some things from happening which would have
otherwise been permitted by your non-selinux environment.
That being said ... What is it that you wish to block?
With the answer to this question, you can start figuring out what policy you wish to
employ.