Chaskiel Grundman wrote:
> I'm going to be setting up a shell server in the next few months and
> would like to be able to use selinux to lock it down so I can worry
> about it less. Unfortunately, there's no policy that I know of that
> allows confined user roles (user_r, staff_r, sysadm_r) to access afs.
> Has anyone worked on such a thing? Completed it?
>
> There are 3 areas that would need to be covered:
> 1) keyring stuff (confined users cannot search their own keyrings. not
> openafs-specific)
> 2) Using the udp socket
> 3) reading/writing data in the cache (V* files, *Items files)

I have two shell servers running RHEL5 with AFS homedirs and selinux enabled with the targeted policy. I had to enable the nfs_home_dirs seboolean, but that's all I recall about getting things to work.
Are you looking for a more restrictive policy to use with a policy other than the targeted one?

Jason
