-----BEGIN PGP SIGNED MESSAGE-----
On 02/21/2011 11:28 AM, Matthew Davis wrote:
Is it possible? I'm curious if you can restrict root from
given directory and limit it to a specific domain. Maybe this isn't
how targeted policy was designed, and the strict policy is needed. But
I was curious, and couldn't figure out a good way to do it.
selinux mailing list
If you want to write policy for a confined administrator, it is better
to start with, what you want to allow rather then what you want to deny.
In RHEL6 Targeted Policy I can build a policy for a user process running
as root to have access to only limited directories. In RHEL5 you would
need to do this with strict policy.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----