Chaskiel Grundman wrote: >> I have two shell servers running RHEL5 with AFS homedirs and selinux >> enabled with the targeted policy. I had to enable the nfs_home_dirs >> seboolean, but that's all I recall about getting things to work. >> > The targeted policy makes user accounts unconfined, which means theu > are exempt from any selinux policy enforcement. This means that weak > passwords + privilege escalation vulnerabilities = broken server > >> Are looking for a more restrictive policy to use with a policy other >> than the targeted one? > > Yes, I want to use the strict policy (or in current terms, I want to > use 'semanage login' to map __default__ to user_u, not unconfined_u. > root will remain unconfined_u, so it isn't really strict policy > either. it's somewhere between targeted and strict) hmmm,
thanks for the info. I kind of knew that, but I hadn't really thought about it before. Jason _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
