Difference between unconfined and unconfineduser modules

Daniel J Walsh dwalsh at redhat.com
Tue Jan 15 21:04:00 UTC 2013


On 01/15/2013 03:57 PM, Anamitra Dutta Majumdar (anmajumd) wrote:
> 
>> Hi Dan/Dominick,
> 
> What is the major difference between unconfined and unconfineduser policy
> modules in RHEL6? And if we wanted to remove the unconfined domains, would
> it be enough to just remove the module Unconfined?
> 
> Thanks, Anamitra
http://danwalsh.livejournal.com/42394.html

unconfineduser basically controls unconfined_t, while unconfined allows
domains like initrc_t and friends to be unconfined.

I disable unconfined but leave unconfineduser, since I believe the sysadmin_t
is not that valuable from a security point of view.

I log in as staff_t and transition to unconfined_t when I run sudo.



