I'm going to be setting up a shell server in the next few months and would
like to be able to use SELinux to lock it down so I can worry about it
less. Unfortunately, there's no policy that I know of that allows confined
user roles (user_r, staff_r, sysadm_r) to access AFS. Has anyone worked on
such a thing? Completed it?

There are 3 areas that would need to be covered:

1) keyring stuff (confined users cannot search their own keyrings; not
   OpenAFS-specific)
2) using the UDP socket
3) reading/writing data in the cache (V* files, *Items files)

TIA.