I have two shell servers running RHEL5 with AFS homedirs and selinux
enabled with the targeted policy. I had to enable the nfs_home_dirs
seboolean, but that's all I recall about getting things to work.
The targeted policy makes user accounts unconfined, which means theu are
exempt from any selinux policy enforcement. This means that weak passwords
+ privilege escalation vulnerabilities = broken server
Are looking for a more restrictive policy to use with a policy other
than the targeted one?
Yes, I want to use the strict policy (or in current terms, I want to use
'semanage login' to map __default__ to user_u, not unconfined_u. root
will remain unconfined_u, so it isn't really strict policy either. it's
somewhere between targeted and strict)
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
