On 01/15/2013 03:57 PM, Anamitra Dutta Majumdar (anmajumd) wrote:
Hi Dan/Dominick,
What is the major difference between unconfined and unconfineduser policy modules in RHEL6? And if we wanted to remove the unconfined domains, would it be enough to just remove the module Unconfined?
Thanks, Anamitra
-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
http://danwalsh.livejournal.com/42394.html
unconfineduser basically controls unconfined_t, while unconfined allows domains like initrc_t and friends to be unconfined.
I disable unconfined but leave unconfineduser, since I believe the sysadmin_t is not that valuable from a security point of view.
I log in as staff_t and transition to unconfined_t when I run sudo.
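
A check for the module layout described in the reply above, added here as an example and not part of the original thread: it reads a `semodule -l` listing and confirms that unconfined is disabled while unconfineduser stays enabled. The sample listing, its version numbers and the trailing "Disabled" column are constructed assumptions about RHEL 6 output, and the function names are hypothetical.

```bash
#!/bin/sh
# Constructed sample of `semodule -l` output: name, version, and an optional
# "Disabled" marker (assumed column layout; version numbers are made up).
SAMPLE_MODULES='abrt 1.2.0
staff 2.2.0
sysadm 2.2.0
unconfined 3.1.1 Disabled
unconfineduser 1.0.0'

# module_state NAME: read a module listing on stdin and print
# enabled, disabled or missing. The name is compared exactly, so
# "unconfined" never matches the "unconfineduser" line (a plain grep would).
module_state() {
    awk -v want="$1" '
        $1 == want { found = 1; state = ($NF == "Disabled") ? "disabled" : "enabled" }
        END { print (found ? state : "missing") }'
}

# check_layout LISTING: succeed only when unconfined is disabled (or absent)
# and unconfineduser is still enabled, i.e. unconfined_t remains available
# to users while initrc_t and friends are no longer unconfined.
check_layout() {
    cl_u=$(printf '%s\n' "$1" | module_state unconfined)
    cl_uu=$(printf '%s\n' "$1" | module_state unconfineduser)
    echo "unconfined=$cl_u unconfineduser=$cl_uu"
    [ "$cl_u" != "enabled" ] && [ "$cl_uu" = "enabled" ]
}

# The module is disabled with `semodule -d unconfined`; on a live host run:
#   check_layout "$(semodule -l)"
check_layout "$SAMPLE_MODULES" && echo "layout matches" || echo "layout differs"
```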