* How can i remove net_raw capability from unconfined?
@ 2015-09-20 13:20 Gmail
2015-09-21 20:15 ` Stephen Smalley
0 siblings, 1 reply; 2+ messages in thread
From: Gmail @ 2015-09-20 13:20 UTC (permalink / raw)
To: selinux
[-- Attachment #1: Type: text/plain, Size: 408 bytes --]
Hi,
I need to understand how can i remove net_raw capability from unconfined_t
domain, someone can help me?
I need the source policy? Or can i remove another way? The systems are RHEL
6 and RHEL 7.
Thanks in advance,
Maurizio Pagani (LordFire in #SELinux)
---
Questa e-mail è stata controllata per individuare virus con Avast antivirus.
https://www.avast.com/antivirus
[-- Attachment #2: Type: text/html, Size: 2912 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: How can i remove net_raw capability from unconfined?
2015-09-20 13:20 How can i remove net_raw capability from unconfined? Gmail
@ 2015-09-21 20:15 ` Stephen Smalley
0 siblings, 0 replies; 2+ messages in thread
From: Stephen Smalley @ 2015-09-21 20:15 UTC (permalink / raw)
To: Gmail, selinux
On 09/20/2015 09:20 AM, Gmail wrote:
> Hi,
>
>
>
> I need to understand how can i remove net_raw capability from
> unconfined_t domain, someone can help me?
>
> I need the source policy? Or can i remove another way? The systems are
> RHEL 6 and RHEL 7.
Yes, you would need to download the policy sources, modify the
unconfined policy module, rebuild it, and install your modified version.
It may be easier to instead define a new domain of your own that is
allowed everything but net_raw.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2015-09-21 20:15 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-09-20 13:20 How can i remove net_raw capability from unconfined? Gmail
2015-09-21 20:15 ` Stephen Smalley
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.