-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 02/21/2011 11:28 AM, Matthew Davis wrote:
Is it possible? I'm curious if you can restrict root from
accessing a
given directory and limit it to a specific domain. Maybe this isn't
how targeted policy was designed, and the strict policy is needed. But
I was curious, and couldn't figure out a good way to do it.
--
selinux mailing list
selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
If you want to write policy for a confined administrator, it is better
to start with, what you want to allow rather then what you want to deny.
In RHEL6 Targeted Policy I can build a policy for a user process running
as root to have access to only limited directories. In RHEL5 you would
need to do this with strict policy.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora -
http://enigmail.mozdev.org/
iEYEARECAAYFAk1ik4QACgkQrlYvE4MpobNYQgCeIxDlavdkAnfoBpYs0/X6m/hP
arUAoI3D2K9XnS24s+lB9Zdc8rxlLQ3m
=WGxy
-----END PGP SIGNATURE-----