selinux question

Printable View

01-16-2012
alejandrome

selinux question

Hellow,

I have a question about selinux.

Is it possible to prohibit root to access to a directory/filesystem?

I have tried it but I have no success.

Thank you very much.
Alejandro
01-16-2012
jayd512

Hello and Welcome!

Are you asking if you can actually stop root from accessing a file or directory?
If so... no.
Root is all-knowing, all-seeing and all-powerful.
01-16-2012
alejandrome

Hi Jay,

This was exactly my question using selinux.
I know it´s impossible in a standar linux.
I thought selinux did not solve my question but I was not sure.

Thanks a lot for your answer.
Alejandro
01-17-2012
unspawn

Quote:

Originally Posted by jayd512

Are you asking if you can actually stop root from accessing a file or directory?
If so... no.
Root is all-knowing, all-seeing and all-powerful.

I always understood that more elaborate separation of privileges is what one would build a SELinux MCS or MLS policy for. See "Viewing audit logs" in SELinux/FedoraMLSHowto - FedoraProject for a practical example of what I mean.

All times are GMT. The time now is 03:48 AM.

Powered by vBulletin® Version 4.2.1
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.6.1