Re: Difference between unconfined and unconfineduser modules
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 01/15/2013 03:57 PM, Anamitra Dutta Majumdar (anmajumd) wrote:
> Hi Dan/Dominick,
What is the major difference between unconfined and unconfineduser policy
modules in RHEL6. And if we wanted to remove the unconfined domains would
it be enough to just remove the module Unconfined.
Thanks, Anamitra
-- selinux mailing list selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
http://danwalsh.livejournal.com/42394.html
unconfineduser basically controlls unconfined_t while unconfined, allows
domains like initrc_t and friends to be unconfined.
I disable unconfined but leave unconfineduser, since I believe the sysadmin_t
is not that valuable from a security point of view.
I login as staff_t and transition to unconfined_t when I run sudo.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlD1xEAACgkQrlYvE4MpobORtwCg0UTxe7r6uwibMrrPkoLRMPHA
XEAAoOE/GLkU0En6NpvkXK4hzdD6uf3+
=ourL
-----END PGP SIGNATURE-----