selinux January 2010 archive
selinux: Stopping COTS from accessing root directory

From: Gregg Tomas <java_gregg_at_nospam>
Date: Fri Jan 29 2010 - 00:28:37 GMT

Hello Everyone,

Bear with me, I am fairly new to SELinux policy writing.

How do you write a rule to stop an application from accessing the root (/) directory? I am running Open Office (openoffice_exec_t) and whenever I open the open dialog (from the menubar, File -> Open), on the top right of the open dialog, there are 3 buttons. The leftmost button is the "up one level" button. If you click and hold your left mouse button down on it, a submenu appears and displays a menu item called Workplace. If I click on it, it will bring you to the root directory (/). I am trying to prevent that.

I have a neverallow rule in my test.te:

neverallow openoffice_exec_t root_t:dir { search };

However, it still transitions there after I touch /.autorelabel and reboot.

Thanks.