Choosing A Webhost:
A web hosting service is a type of Internet hosting service that allows individuals and organizations to provide their own website accessible via the World Wide Web. Web hosts are companies that provide space on a server they own for use by their clients as well as providing Internet connectivity, typically in a data center. Web hosts can also provide data center space and connectivity to the Internet for servers they do not own to be located in their data center, called colocation. more...
|
Re: strict policy: msg#00164
|
Subject: |
Re: strict policy |
Todd Merritt wrote:
I'm getting started with selinux on FC 4. I'm using the strict policy,
but I'd like to restrict it further so that users can only execute a
handful of commands. I've tried replacing full_user_role(user_t) with
limit_user role, but the drew assertion errors when trying to load the
policy, and I tried removing restricting the can_exec in both full and
limited_user_role macros in macros/user_macros.te, but (at least from
looking at audit to allow) none of this seems to be getting me where I
want to be. What is the beast way to remove all access from user_t so
that I can add in the commands I want them to be able to run ?
First update to the latest rawhide strict policy. We have not been
updating strict policy for FC4.
Then you probably need to remove can_exec lines from base_user_macros.
Problem is eliminating
them might set you up with a solution where a user can not login. Are
you doing this with a X Windows System, or
a server?
Thanks,
Todd
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
--
|
| |
