From: walid.fakim@cgi.com (Fakim, Walid)
Date: Mon, 17 Oct 2016 21:29:47 +0000
Subject: [refpolicy] Confining services without confining users
Message-ID: <67130EC7AFA3FE4E9290B03665B351F4056B05@SE-EX022.groupinfra.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Hi Dominick et ALL,

Hope you're well.

I have a question around service confinement when on a system the users are not being confined - Let's take the example of httpd. So, the httpd service is confined as default within RHEL.

However, on a system given that user confinement is not being implemented, from an SELinux perspective, what extra measures can be taken? Or will system service confinement suffice?

More generally, what is the consensus around confining services without concurrently confining users?

Thanks.

Best Regards,

Walid Fakim

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://oss.tresys.com/pipermail/refpolicy/attachments/20161017/d9588afe/attachment.html