Hi Daniel!

I agree that the targeted policy is not the way to go, just had to
figure it out ;-)

I am trying to control access to a directory, so that a single program
is the single point of entry to the directory.

Thank you for your answer,
Soren

On 8/22/05, Daniel J Walsh <dwalsh(a)redhat.com> wrote:
Søren Nøhr Christensen wrote:
>Hi all!
>
>Would it be possible to deny all but one subject access to a certain
>directory?
>
Yes.
>And can this be done using the targeted policy as a base?
>
>
You would have to modify unconfined_domain to remove access to this
directory. Not sure if you want to though. What exactly are you trying
to protect? In targeted policy, if a user can become root as
unconfined_t, they can gain access to this directory, either by turning
off SELinux or by modifying policy.
>I hope for some answers, possibly containing examples.
>
>
>Best regards,
>
>
>Soren Nohr Christensen
>
>--
>fedora-selinux-list mailing list
>fedora-selinux-list(a)redhat.com
>http://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
>