MCS File store protection
David Compton
dacompton at gmail.com
Mon Aug 25 15:29:00 UTC 2014
Agreed. The group who blesses systems in my environment recommended that
we look into the use of MAC to guarantee separation.
On Mon, Aug 25, 2014 at 10:33 AM, <m.roth at 5-cent.us> wrote:
> David Compton wrote:
> > I am considering using SELinux to secure the file system of a server that
> > will be used as a multiple category file store. The individual
> categories
> > cannot have the ability to access data in a directory of a different
> > category. Users for each category will need to access the server via
> > samba
> > and NFS. Additional user interfaces my become necessary in the future
> > (http(s), (s)ftp, etc).
> >
> > I am new to writing SELinux policies and was hoping that someone could
> > point me in the direction of a template for a similar design that I could
> > use as a base.
> >
> I suppose, though regular *Nix groups would seem to work just as well,
> along with the samba configuration.
>
> mark
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/selinux/attachments/20140825/c5c70480/attachment.html>
More information about the selinux
mailing list