Displaying 2 results from an estimated 2 matches for "sysadm_t".
2015 Jan 26
0
How to prevent root from managing/disabling SELinux
...'s everyone except a new
> security_admin_t permission to modify those files might work?
>
> Has anyone actually attempted this?
>
You would need to disable the unconfined.pp module and the
unconfineduser.pp module
and run all of your users as confined users, including the admin user as
sysadm_t.
You could also set the secure_ booleans
getsebool -a | grep secure_*
secure_mode --> off
secure_mode_insmod --> off
secure_mode_policyload --> off
2015 Jan 23
2
How to prevent root from managing/disabling SELinux
At work I'm used to tools like eTrust Access Control (aka SEOS). eTrust
takes away the ability to manage the eTrust config from root and puts it
in the hands of "security admin". So there's a good separation of duties;
security admin control the security ruleset, but are limited by the OS
permissions (so even if they granted themselves permission to modify
/etc/shadow, the